CVE-2023-28616: Cleartext Transmission of Sensitive Info in Network Security

Severity: 7.5 HIGH (NVD)
EPSS: 0.1% (top 73.33%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Dec 26

Description

An issue was discovered in Stormshield Network Security (SNS) before 4.3.17, 4.4.x through 4.6.x before 4.6.4, and 4.7.x before 4.7.1. It affects user accounts for which the password has an equals sign or space character. The serverd process logs such passwords in cleartext, and potentially sends these logs to the Syslog component.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Exploitability: 3.9 | Impact: 3.6

Affected Packages: 1 package

Vulnerability Details (2)

CVEList (2023-12-26)
CVE-2023-28616: An issue was discovered in Stormshield Network Security (SNS) before 4…

GHSA (2023-12-26)
GHSA-c4f2-4cmw-rccv: An issue was discovered in Stormshield Network Security (SNS) before 4…