Research

McAfee Network Security Manager Authentication Bypass and Session Hijacking Vulnerability

Advisory ID: SWRX-2009-002

Advisory Information
Title: McAfee Network Security Manager Authentication Bypass and Session Hijacking Vulnerability
Advisory ID: SWRX-2009-002
Advisory URL: http://www.secureworks.com/research/advisories/SWRX-2009-002
Date published: Wednesday, November 11, 2009
CVE: CVE-2009-3566
CVSS v2 Base Score: 4.3 (Medium) (AV:N/AC:M/Au:N/C:P/I:N/A:N)
Date of last update: Wednesday, November 11, 2009
Vendors contacted: McAfee, Inc.
Release mode: Coordinated release
Discovered by: Daniel King, SecureWorks

Summary
McAfee Network Security Manager is vulnerable to authentication bypass via HTTP session cookie hijacking. A remote attacker could exploit this vulnerability to hijack an existing session to the Network Security Manager.

Download the PDF

PGP Signature (PC Users: You may need to right click your mouse and select "Save As")

SecureWorks CTU Public Key

Next Steps
	Call Us Today (877) 838-7947

Online Tools

Print this Page
Share This Resource
Sign up for the SecureWorks 'On the Radar' Newsletter

Request Info Now

*First Name:
*Last Name:
*Company:
*Telephone:
*Email:
*Country:
*State/Province:
*What is your primary role?
*What is the size of organization?
*Industry:
Subscribe to SecureWorks' On the Radar Newsletter
Yes No
Questions/Comments:

Newsletter Signup

* First Name:
* Last Name:
* Email Address:

McAfee Network Security Manager Authentication Bypass and Session Hijacking Vulnerability

Advisory ID: SWRX-2009-002

Next Steps

Online Tools

Request Info Now

Newsletter Signup

most popular pages