Thank you for being a valued part of the CNET community. As of December 1, 2020, the forums are in read-only format. In early 2021, CNET Forums will no longer be available. We are grateful for the participation and advice you have provided to one another over the years.

Thanks,

CNET Support

General discussion

Symantec Firewall / VPN 100/200/200R Exposure of Password

Mar 1, 2004 11:43PM PST

Critical:
Not critical
Impact: Exposure of sensitive information

Where: Local system



Software: Symantec Firewall / VPN 100/200/200R




Description:
Davide Del Vecchio has discovered a security issue in Symantec Firewall / VPN 100/200/200R, possibly allowing malicious people to see passwords.

The problem is that passwords are entered in clear text without being masking in a HTML form. This may allow other people with physical access to see a password when it is entered.

This affects Symantec Firewall / VPN 100, 200, and 200R.

Solution:
Symantec has issued patches.

Symantec Firewall / VPN 200R:
ftp://ftp.symantec.com/public/en...ance/updates/vpn200R_161_app.zip

Symantec Firewall / VPN 200:
ftp://ftp.symantec.com/public/en...iance/updates/vpn200_161_app.zip

Symantec Firewall / VPN 100:
ftp://ftp.symantec.com/public/en...iance/updates/vpn100_161_app.zip

Provided and/or discovered by:
Davide Del Vecchio

http://secunia.com/advisories/11013/

Discussion is locked