BugZero found this defect 3362 days ago.
Data sources
All data on this page is proprietary to BugZero® or gathered from public sources
6/29/2016
Firebox M200
Firebox M300
Firebox M270
Firebox M370
Firebox M470
Firebox M570
Firebox M670
Firebox M290
Firebox M390
Firebox M400
Firebox M500
Firebox M440
All
Fireware
11.x
11.10.x
11.10
11.9.x
11.9
11.9.1
11.9.3
11.9.4
11.9.5
11.9.6
All
Qualys Web Application Scanning incorrectly reports that the WatchGuard Authentication portal and Mobile VPN with SSL client download portals have the vulnerability “Password is present in HTTP traffic unrelated to the login” (Qualys Vulnerability ID 150052), which is treated as a HIGH priority vulnerability. This vulnerability report is a false positive. This vulnerability report is triggered by a CSS comment block in the web page’s source containing the word “password”, not by actual password data being transmitted in plaintext.
No workaround is necessary, as this is not a vulnerability.Firmware versions 11.10.1 and later no longer present this issue.