NetSupport Manager contains a flaw that may lead to an unauthorized information disclosure. The HTTP protocol implementation sends HTTP headers with information stored in cleartext fields. The issue is triggered when the HTTP packets between the NetSupport Manager Gateway and Controls or clients are intercepted. This may disclose sensitive information to a remote attacker.

Upgrade to version 11.00.0005 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

• CVE ID: 2010-4184 (see also: NVD)
• Secunia Advisory ID: 42104 42122
• Bugtraq ID: 44629
• CERT VU: 465239
• Other Advisory URL: http://www.netsupportsoftware.com/support/kb/asp/kbprovider.asp?gettd=634&lang=EN&xsl=http%3A//www.netsupportsoftware.com/support/kb/TechDoc.xsl
• Vendor Specific News/Changelog Entry: http://www.netsupportsoftware.com/support/td.asp?td=634

• Not Available