Description
The default configuration of the SMTP component in Websense Email Security 6.1 through 7.3 enables weak SSL ciphers in the "SurfControl plc\SuperScout Email Filter\SMTP" registry key, which makes it easier for remote attackers to obtain sensitive information by sniffing the network and then conducting a brute-force attack against encrypted session data.
References (3)
Core 3
Core References
Vendor Advisory x_refsource_confirm
http://www.websense.com/support/article/kbarticle/SSL-TLS-weak-and-export-ciphers-detected-in-Websense-Email-Security-deployments
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/78131
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/64758
Scores
EPSS
0.0135
EPSS Percentile
68.3%
Details
CWE
CWE-200
Status
published
Products (4)
websense/websense_email_security
6.1 (2 CPE variants)
websense/websense_email_security
7.0
websense/websense_email_security
7.1
websense/websense_email_security
7.2
Published
Aug 23, 2012
Tracked Since
Feb 18, 2026