CVE-2008-4646 Information

Description

The Websense Reporter Module in Websense Enterprise 6.3.2 stores the SQL database system administrator password in plaintext in CreateDbInstall.log which allows local users to gain privileges to the database.

Reference

http://secunia.com/advisories/32264 http://www.securityfocus.com/bid/31746 http://www.securitytracker.com/id?1021058 http://www.vupen.com/english/advisories/2008/2819 http://www.zebux.org/pub/Advisory/Advisory_Websense_Reporter_Password_Disclosure_200810.txt