Title: Websense Reporter - Password Disclosure Vulnerability
Criticality: Medium (2/3)
Affected software: Websense Enterprise v6.3.2 / Websense Reporter
Author: Eric BEAULIEU, eric.beaulieu [at] zebux.org, http://www.zebux.org
Discovery Date: 10-13-2008
Location URL: http://www.zebux.org/pub/Advisory/Advisory_Websense_Reporter_Password_Disclosure_200810.txt

Summary
-------
A vulnerability has been discovered in the Websense Reporter module which could be exploited by local attackers to gain knowledge of sensitive information.

Description
-----------
A vulnerability has been discovered in the Websense Reporter module which could be exploited by local attackers to gain knowledge of sensitive information.

It is possible to gain local SQL administrator access by reading the plaintext password stored in the "CreateDbInstall.log" log file. The installer creates this log file during the installation process when a local SQL server is present on the Websense Reporter server.

Solution
--------
After the Websense Reporter installation, erase the "CreateDbInstall.log" log file and any archive file containing this log file.

Upgrade to Websense v7; this version does not use Websense Reporter.

Workaround
----------
Erase the "CreateDbInstall.log" log file and any archive file containing this log file.

References
----------
Bugtraq ID: 31746
Websense Advisory URL: http://kb.websense.com/article.asp?article=3734&p=12
Secunia Advisory ID: SA32264
CVE ID: CVE-2008-4646
Security Tracker: 1021058
FrSIRT: ADV-2008-2819

Timeline
--------
14-03-2008 - Vulnerability researched and confirmed
18-03-2008 - Vulnerability reported to vendor
20-03-2008 - Vendor confirmed the security issue
13-10-2008 - Vendor contacted for the status of the fix process

Revision history
----------------
19-03-2008 - 1.0 - Advisory written
13-10-2008 - 1.1 - Advisory updated
13-10-2008 - 1.2 - References updated
10-11-2008 - 1.3 - References updated
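The workaround above depends on every copy of the log being found, including copies packed into backups. The following script is an added example, not part of the advisory or of Websense's own tooling: it walks a directory tree, reports each loose "CreateDbInstall.log" and each zip archive packing one, and deletes them only when dry_run is switched off. It assumes archives are zip files (the advisory does not name a format) and the scan root is supplied by the operator; the sample tree it builds is constructed test data.

```python
import os
import tempfile
import zipfile
from pathlib import Path

# Installer log that, per the advisory, stores the SQL administrator password in plaintext.
TARGET_LOG = "CreateDbInstall.log"


def find_exposed_logs(root):
    """Walk `root` and return (kind, path, entry) for every copy of the log:
    ("file", path, None) for a loose copy, ("archive", zip_path, entry) for a
    copy packed inside a zip. Assumption: archives are zip files; other
    archive formats are not opened."""
    hits = []
    for dirpath, _dirs, filenames in os.walk(root):
        for name in filenames:
            path = Path(dirpath) / name
            if name.lower() == TARGET_LOG.lower():
                hits.append(("file", str(path), None))
            elif zipfile.is_zipfile(path):
                with zipfile.ZipFile(path) as zf:
                    for entry in zf.namelist():
                        if Path(entry).name.lower() == TARGET_LOG.lower():
                            hits.append(("archive", str(path), entry))
    return hits


def remove_exposed_logs(root, dry_run=True):
    """Apply the advisory's workaround: delete each loose copy of the log and
    each archive that packs one. With dry_run=True nothing is deleted; the
    sorted list of paths that would be removed is returned for review."""
    targets = sorted({path for _kind, path, _entry in find_exposed_logs(root)})
    if not dry_run:
        for path in targets:
            os.remove(path)
    return targets


def make_constructed_sample():
    """Build a throwaway directory (constructed test data, not real Websense
    files) holding a loose log, a zip backup packing one, and an unrelated file."""
    root = Path(tempfile.mkdtemp())
    (root / TARGET_LOG).write_text("constructed sample, no real credentials\n")
    (root / "notes.txt").write_text("unrelated file, must survive cleanup\n")
    with zipfile.ZipFile(root / "reporter-backup.zip", "w") as zf:
        zf.writestr("reporter/" + TARGET_LOG, "constructed sample\n")
    return root
```

Run find_exposed_logs first and review the list; an archive hit removes the whole archive, so anything else packed in it is lost as well.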