HackAndPwn
Security & Vulnerability Researcher / Professional Penetration Tester

CVE-2018-6689

Authentication bypass vulnerability in McAfee Data Loss Prevention Endpoint (DLP Endpoint) 10.0.x earlier than 10.0.510, and 11.0.x earlier than 11.0.600 allows attackers to bypass local security protection via specific conditions.

It is possible to access a user’s session on a locked Windows machine if certain DLP Endpoint configurations are made by the DLP Endpoint administrator to include hyperlinks in user notification dialogs, and an actor performs specific actions on a protected machine.

McAfee Security Bulletin SB10252


buy me a coffee