Security & Vulnerability Researcher / Professional Penetration Tester

CVE-2018-6689 - McAfee - Improper Authentication

Authentication bypass vulnerability in McAfee Data Loss Prevention Endpoint (DLP Endpoint) 10.0.x earlier than 10.0.510, and 11.0.x earlier than 11.0.600 allows attackers to bypass local security protection via specific conditions.

It is possible to access a user’s session on a locked Windows machine if certain DLP Endpoint configurations are made by the DLP Endpoint administrator to include hyperlinks in user notification dialogs, and an actor performs specific actions on a protected machine.

Trellix Security Bulletin SB10252

buy me a coffee