CVE-2012-4605

The default configuration of the SMTP component in Websense Email Security 6.1 through 7.3 enables weak SSL ciphers in the "SurfControl plc\SuperScout Email Filter\SMTP" registry key, which makes it easier for remote attackers to obtain sensitive information by sniffing the network and then conducting a brute-force attack against encrypted session data.

Published: Aug 23, 2012
Updated: Apr 13, 2023
CVE: CVE-2012-4605
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:P/I:N/A:N

CWEs:

CWE-200

Affected Software
References

Software	From	Fixed in
websense / websense_email_security	7.0	7.0.x
websense / websense_email_security	7.1	7.1.x
websense / websense_email_security	7.2	7.2.x
websense / websense_email_security	6.1-sp1	6.1-sp1.x
websense / websense_email_security	6.1	6.1.x

http://www.securityfocus.com/bid/64758
http://www.websense.com/support/article/kbarticle/SSL-TLS-weak-and-export-ciphers-detected-in-Websense-Email-Security-deployments
https://exchange.xforce.ibmcloud.com/vulnerabilities/78131

Vulnerability Database

289,697

CVE-2012-4605