CVE-2021-3130: Insufficiently Protected Credentials in Open-AudIT

Severity: 5.9 MEDIUM (NVD)
EPSS: 0.6% (top 29.76%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Jan 20; Latest update Mar 1

Description

In Open-AudIT up to version 3.5.3, the web interface hides SSH secrets, Windows passwords, and SNMP strings from users by means of HTML 'password field' obfuscation. Using browser developer tools or similar, it is possible to change the obfuscation so that the credentials are visible.
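
An added example, not from Open-AudIT or the original advisory: a check that parses rendered HTML and flags password inputs whose value attribute is pre-filled by the server, which is the condition that lets developer tools reveal the credential. The sample page, field names and values are constructed for illustration.

```python
from html.parser import HTMLParser

# Constructed sample of a credentials edit page; field names and values are
# made up for illustration and are not taken from Open-AudIT.
SAMPLE_PAGE = """
<form method="post" action="/credentials/1">
  <input type="text" name="name" value="core-switches">
  <input type="password" name="ssh_password" value="S3cr3t-constructed">
  <input type="PASSWORD" name="snmp_community" value="public-constructed">
  <input type="password" name="windows_password" value="">
  <input type="password" name="new_secret" placeholder="unchanged">
</form>
"""


class PasswordFieldAudit(HTMLParser):
    """Collect password inputs whose value attribute carries data."""
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "input":
            return
        attr = {k.lower(): (v or "") for k, v in attrs}
        if attr.get("type", "").strip().lower() != "password":
            return
        value = attr.get("value", "")
        if value:
            line = self.getpos()[0]
            # Report the length only, so the audit output never repeats the secret.
            self.findings.append(
                {"name": attr.get("name", ""), "line": line, "length": len(value)}
            )


def audit_html(html_text):
    """Return findings for password fields pre-filled by the server."""
    parser = PasswordFieldAudit()
    parser.feed(html_text)
    parser.close()
    return parser.findings


if __name__ == "__main__":
    for f in audit_html(SAMPLE_PAGE):
        print(f"line {f['line']}: password input {f['name']!r} pre-filled ({f['length']} chars)")
```

A field that the server leaves empty, or that carries only a placeholder, produces no finding because the secret never reaches the browser.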

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Exploitability: 2.2 | Impact: 3.6

Affected Packages: 1 package

🔴 Vulnerability Details (1)

GHSA: GHSA-qpq8-7ff2-687p: Within the Open-AudIT up to version 3 (2022-05-24)

💬 Community (1)

Bugzilla: CVE-2021-47058 kernel: use-after-free regmap: set debugfs_name to NULL after it is freed (2024-03-01)