CVE-2020-7306 is a vulnerability in McAfee Data Loss Prevention
Published on August 13, 2020
DLP for Mac - Unprotected Storage of Credentials
Unprotected Storage of Credentials vulnerability in McAfee Data Loss Prevention (DLP) for Mac prior to 11.5.2 allows local users to gain access to the ADRMS username and password via unprotected log files containing plain text
Vulnerability Analysis
CVE-2020-7306 is exploitable with local system access, and requires small amount of user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality and integrity, and no impact on availability.
Weakness Type
Insufficiently Protected Credentials
The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.
Products Associated with CVE-2020-7306
Want to know whenever a new CVE is published for McAfee Data Loss Prevention? stack.watch will email you.
Affected Versions
McAfee Data Loss Prevention(DLP):- Version 11.3 and below 11.3.31 is affected.
- Version 11.4 and below 11.4.200 is affected.
- Version 11.5 and below 11.5.2 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.