McAfee Cloud Single Sign On < 4.0.1 Information Disclosure (SB10066) (Windows)
Medium Nessus Plugin ID 73187
SynopsisThe remote host is affected by an information disclosure vulnerability.
DescriptionA version of McAfee Cloud Single Sign On (MCSSO) prior to 4.0.1 is installed on the remote host. It is, therefore, affected by an information disclosure vulnerability due to a failure to sanitize user-supplied input, resulting in potential directory traversal. An attacker could potentially exploit this vulnerability to download arbitrary files, including one containing a hash of the product administrator's password.
SolutionUpgrade to version 4.0.1 or later.