CWE-522
Insufficiently Protected Credentials
The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.
CVE-2021-41300 (GCVE-0-2021-41300)
Vulnerability from cvelistv5 – Published: 2021-09-30 10:41 – Updated: 2024-09-16 23:41
VLAI
Title
ECOA BAS controller - Insufficiently Protected Credentials-2
Summary
ECOA BAS controller’s special page displays user account and passwords in plain text, thus unauthenticated attackers can access the page and obtain privilege with full functionality.
Severity
9.8 (Critical)
CWE
- CWE-522 - Insufficiently Protected Credentials
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.twcert.org.tw/tw/cp-132-5136-3e315-1.html | x_refsource_MISC |
Impacted products
7 products
| Vendor | Product | Version | |
|---|---|---|---|
| ECOA | ECS Router Controller ECS (FLASH) |
Unknown:
next of 0 , < unspecified
(custom)
|
|
| ECOA | RiskBuster Terminator E6L45 |
Unknown:
next of 0 , < unspecified
(custom)
|
|
| ECOA | RiskBuster System RB 3.0.0 |
Unknown:
next of 0 , < unspecified
(custom)
|
|
| ECOA | RiskBuster System TRANE 1.0 |
Unknown:
next of 0 , < unspecified
(custom)
|
|
| ECOA | Graphic Control Software |
Unknown:
next of 0 , < unspecified
(custom)
|
|
| ECOA | SmartHome II E9246 |
Unknown:
next of 0 , < unspecified
(custom)
|
|
| ECOA | RiskTerminator |
Unknown:
next of 0 , < unspecified
(custom)
|
Date Public
2021-09-30 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T03:08:31.890Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.twcert.org.tw/tw/cp-132-5136-3e315-1.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ECS Router Controller ECS (FLASH)",
"vendor": "ECOA",
"versions": [
{
"lessThan": "unspecified",
"status": "unknown",
"version": "next of 0",
"versionType": "custom"
}
]
},
{
"product": "RiskBuster Terminator E6L45",
"vendor": "ECOA",
"versions": [
{
"lessThan": "unspecified",
"status": "unknown",
"version": "next of 0",
"versionType": "custom"
}
]
},
{
"product": "RiskBuster System RB 3.0.0",
"vendor": "ECOA",
"versions": [
{
"lessThan": "unspecified",
"status": "unknown",
"version": "next of 0",
"versionType": "custom"
}
]
},
{
"product": "RiskBuster System TRANE 1.0",
"vendor": "ECOA",
"versions": [
{
"lessThan": "unspecified",
"status": "unknown",
"version": "next of 0",
"versionType": "custom"
}
]
},
{
"product": "Graphic Control Software",
"vendor": "ECOA",
"versions": [
{
"lessThan": "unspecified",
"status": "unknown",
"version": "next of 0",
"versionType": "custom"
}
]
},
{
"product": "SmartHome II E9246",
"vendor": "ECOA",
"versions": [
{
"lessThan": "unspecified",
"status": "unknown",
"version": "next of 0",
"versionType": "custom"
}
]
},
{
"product": "RiskTerminator",
"vendor": "ECOA",
"versions": [
{
"lessThan": "unspecified",
"status": "unknown",
"version": "next of 0",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-09-30T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "ECOA BAS controller\u2019s special page displays user account and passwords in plain text, thus unauthenticated attackers can access the page and obtain privilege with full functionality."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-522",
"description": "CWE-522 Insufficiently Protected Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-30T10:41:05.000Z",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.twcert.org.tw/tw/cp-132-5136-3e315-1.html"
}
],
"solutions": [
{
"lang": "en",
"value": "Contact tech support from ECOA."
}
],
"source": {
"advisory": "TVN-202109016",
"discovery": "EXTERNAL"
},
"title": "ECOA BAS controller - Insufficiently Protected Credentials-2",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "TWCERT/CC",
"ASSIGNER": "cve@cert.org.tw",
"DATE_PUBLIC": "2021-09-30T10:13:00.000Z",
"ID": "CVE-2021-41300",
"STATE": "PUBLIC",
"TITLE": "ECOA BAS controller - Insufficiently Protected Credentials-2"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ECS Router Controller ECS (FLASH)",
"version": {
"version_data": [
{
"version_affected": "?\u003e",
"version_value": "0"
}
]
}
},
{
"product_name": "RiskBuster Terminator E6L45",
"version": {
"version_data": [
{
"version_affected": "?\u003e",
"version_value": "0"
}
]
}
},
{
"product_name": "RiskBuster System RB 3.0.0",
"version": {
"version_data": [
{
"version_affected": "?\u003e",
"version_value": "0"
}
]
}
},
{
"product_name": "RiskBuster System TRANE 1.0",
"version": {
"version_data": [
{
"version_affected": "?\u003e",
"version_value": "0"
}
]
}
},
{
"product_name": "Graphic Control Software",
"version": {
"version_data": [
{
"version_affected": "?\u003e",
"version_value": "0"
}
]
}
},
{
"product_name": "SmartHome II E9246",
"version": {
"version_data": [
{
"version_affected": "?\u003e",
"version_value": "0"
}
]
}
},
{
"product_name": "RiskTerminator",
"version": {
"version_data": [
{
"version_affected": "?\u003e",
"version_value": "0"
}
]
}
}
]
},
"vendor_name": "ECOA"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ECOA BAS controller\u2019s special page displays user account and passwords in plain text, thus unauthenticated attackers can access the page and obtain privilege with full functionality."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-522 Insufficiently Protected Credentials"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.twcert.org.tw/tw/cp-132-5136-3e315-1.html",
"refsource": "MISC",
"url": "https://www.twcert.org.tw/tw/cp-132-5136-3e315-1.html"
}
]
},
"solution": [
{
"lang": "en",
"value": "Contact tech support from ECOA."
}
],
"source": {
"advisory": "TVN-202109016",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2021-41300",
"datePublished": "2021-09-30T10:41:05.097Z",
"dateReserved": "2021-09-15T00:00:00.000Z",
"dateUpdated": "2024-09-16T23:41:00.205Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-41972 (GCVE-0-2021-41972)
Vulnerability from cvelistv5 – Published: 2021-11-12 18:55 – Updated: 2024-08-04 03:22
VLAI
Title
Credentials leak
Summary
Apache Superset up to and including 1.3.1 allowed for database connections password leak for authenticated users. This information could be accessed in a non-trivial way.
Severity
No CVSS data available.
CWE
- CWE-522 - Insufficiently Protected Credentials
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://lists.apache.org/thread/xpdl2r538o695o7r9… | x_refsource_MISC |
| https://seclists.org/oss-sec/2021/q4/106 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Apache Software Foundation | Apache Superset |
Affected:
Apache Superset , ≤ 1.3.1
(custom)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T03:22:25.770Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://lists.apache.org/thread/xpdl2r538o695o7r9gd9qrwqb17bdd3v"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://seclists.org/oss-sec/2021/q4/106"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Apache Superset",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThanOrEqual": "1.3.1",
"status": "affected",
"version": "Apache Superset",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Apache Superset team would like to thank Ke Zhu for reporting this issue"
}
],
"descriptions": [
{
"lang": "en",
"value": "Apache Superset up to and including 1.3.1 allowed for database connections password leak for authenticated users. This information could be accessed in a non-trivial way."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-522",
"description": "CWE-522 Insufficiently Protected Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-11-12T18:55:13.000Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://lists.apache.org/thread/xpdl2r538o695o7r9gd9qrwqb17bdd3v"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://seclists.org/oss-sec/2021/q4/106"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Credentials leak",
"workarounds": [
{
"lang": "en",
"value": "Upgrade to Apache Superset 1.3.2 or higher"
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"ID": "CVE-2021-41972",
"STATE": "PUBLIC",
"TITLE": "Credentials leak"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Apache Superset",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "Apache Superset",
"version_value": "1.3.1"
}
]
}
}
]
},
"vendor_name": "Apache Software Foundation"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Apache Superset team would like to thank Ke Zhu for reporting this issue"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Apache Superset up to and including 1.3.1 allowed for database connections password leak for authenticated users. This information could be accessed in a non-trivial way."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": [
{}
],
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-522 Insufficiently Protected Credentials"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://lists.apache.org/thread/xpdl2r538o695o7r9gd9qrwqb17bdd3v",
"refsource": "MISC",
"url": "https://lists.apache.org/thread/xpdl2r538o695o7r9gd9qrwqb17bdd3v"
},
{
"name": "https://seclists.org/oss-sec/2021/q4/106",
"refsource": "MISC",
"url": "https://seclists.org/oss-sec/2021/q4/106"
}
]
},
"source": {
"discovery": "UNKNOWN"
},
"work_around": [
{
"lang": "en",
"value": "Upgrade to Apache Superset 1.3.2 or higher"
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2021-41972",
"datePublished": "2021-11-12T18:55:13.000Z",
"dateReserved": "2021-10-04T00:00:00.000Z",
"dateUpdated": "2024-08-04T03:22:25.770Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-42023 (GCVE-0-2021-42023)
Vulnerability from cvelistv5 – Published: 2021-12-14 00:00 – Updated: 2024-08-04 03:22
VLAI
Summary
A vulnerability has been identified in ModelSim Simulation (All versions), Questa Simulation (All versions). The RSA white-box implementation in affected applications insufficiently protects the built-in private keys that are required to decrypt electronic intellectual property (IP) data in accordance with the IEEE 1735 recommended practice. This could allow a sophisticated attacker to discover the keys, bypassing the protection intended by the IEEE 1735 recommended practice.
Severity
No CVSS data available.
CWE
- CWE-522 - Insufficiently Protected Credentials
Assigner
References
1 reference
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Siemens | ModelSim Simulation |
Affected:
All versions
|
|
| Siemens | Questa Simulation |
Affected:
All versions
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T03:22:25.772Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-400332.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ModelSim Simulation",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"product": "Questa Simulation",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in ModelSim Simulation (All versions), Questa Simulation (All versions). The RSA white-box implementation in affected applications insufficiently protects the built-in private keys that are required to decrypt electronic intellectual property (IP) data in accordance with the IEEE 1735 recommended practice. This could allow a sophisticated attacker to discover the keys, bypassing the protection intended by the IEEE 1735 recommended practice."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-522",
"description": "CWE-522: Insufficiently Protected Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-08T00:00:00.000Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-400332.pdf"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2021-42023",
"datePublished": "2021-12-14T00:00:00.000Z",
"dateReserved": "2021-10-06T00:00:00.000Z",
"dateUpdated": "2024-08-04T03:22:25.772Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-43767 (GCVE-0-2021-43767)
Vulnerability from cvelistv5 – Published: 2022-08-25 17:27 – Updated: 2024-08-04 04:03
VLAI
Summary
Odyssey passes to client unencrypted bytes from man-in-the-middle When Odyssey storage is configured to use the PostgreSQL server using 'trust' authentication with a 'clientcert' requirement or to use 'cert' authentication, a man-in-the-middle attacker can inject false responses to the client's first few queries. Despite the use of SSL certificate verification and encryption, Odyssey will pass these results to client as if they originated from valid server. This is similar to CVE-2021-23222 for PostgreSQL.
Severity
No CVSS data available.
CWE
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.postgresql.org/support/security/CVE-2… | x_refsource_MISC |
| https://github.com/yandex/odyssey/issues/377%2C | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T04:03:08.608Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.postgresql.org/support/security/CVE-2021-23222/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/yandex/odyssey/issues/377%2C"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Odyssey",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Odyssey 1.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Odyssey passes to client unencrypted bytes from man-in-the-middle When Odyssey storage is configured to use the PostgreSQL server using \u0027trust\u0027 authentication with a \u0027clientcert\u0027 requirement or to use \u0027cert\u0027 authentication, a man-in-the-middle attacker can inject false responses to the client\u0027s first few queries. Despite the use of SSL certificate verification and encryption, Odyssey will pass these results to client as if they originated from valid server. This is similar to CVE-2021-23222 for PostgreSQL."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-522",
"description": "CWE-522",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-25T17:27:39.000Z",
"orgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5",
"shortName": "fedora"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.postgresql.org/support/security/CVE-2021-23222/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/yandex/odyssey/issues/377%2C"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "patrick@puiterwijk.org",
"ID": "CVE-2021-43767",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Odyssey",
"version": {
"version_data": [
{
"version_value": "Odyssey 1.1"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Odyssey passes to client unencrypted bytes from man-in-the-middle When Odyssey storage is configured to use the PostgreSQL server using \u0027trust\u0027 authentication with a \u0027clientcert\u0027 requirement or to use \u0027cert\u0027 authentication, a man-in-the-middle attacker can inject false responses to the client\u0027s first few queries. Despite the use of SSL certificate verification and encryption, Odyssey will pass these results to client as if they originated from valid server. This is similar to CVE-2021-23222 for PostgreSQL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-522"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.postgresql.org/support/security/CVE-2021-23222/",
"refsource": "MISC",
"url": "https://www.postgresql.org/support/security/CVE-2021-23222/"
},
{
"name": "https://github.com/yandex/odyssey/issues/377,",
"refsource": "MISC",
"url": "https://github.com/yandex/odyssey/issues/377,"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5",
"assignerShortName": "fedora",
"cveId": "CVE-2021-43767",
"datePublished": "2022-08-25T17:27:39.000Z",
"dateReserved": "2021-11-15T00:00:00.000Z",
"dateUpdated": "2024-08-04T04:03:08.608Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-44451 (GCVE-0-2021-44451)
Vulnerability from cvelistv5 – Published: 2022-02-01 13:16 – Updated: 2024-08-04 04:25
VLAI
Title
API sensitive information leak
Summary
Apache Superset up to and including 1.3.2 allowed for registered database connections password leak for authenticated users. This information could be accessed in a non-trivial way. Users should upgrade to Apache Superset 1.4.0 or higher.
Severity
No CVSS data available.
CWE
- CWE-522 - Insufficiently Protected Credentials
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://lists.apache.org/thread/xww1pccs2ckb5506w… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Apache Software Foundation | Apache Superset |
Affected:
Apache Superset , ≤ 1.3.2
(custom)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T04:25:16.474Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://lists.apache.org/thread/xww1pccs2ckb5506wrf1v4lmxg198vkb"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Apache Superset",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThanOrEqual": "1.3.2",
"status": "affected",
"version": "Apache Superset",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Found and reported by Cesar Santos"
}
],
"descriptions": [
{
"lang": "en",
"value": "Apache Superset up to and including 1.3.2 allowed for registered database connections password leak for authenticated users. This information could be accessed in a non-trivial way. Users should upgrade to Apache Superset 1.4.0 or higher."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-522",
"description": "CWE-522 Insufficiently Protected Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-01T13:16:32.000Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://lists.apache.org/thread/xww1pccs2ckb5506wrf1v4lmxg198vkb"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "API sensitive information leak",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"ID": "CVE-2021-44451",
"STATE": "PUBLIC",
"TITLE": "API sensitive information leak"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Apache Superset",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "Apache Superset",
"version_value": "1.3.2"
}
]
}
}
]
},
"vendor_name": "Apache Software Foundation"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Found and reported by Cesar Santos"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Apache Superset up to and including 1.3.2 allowed for registered database connections password leak for authenticated users. This information could be accessed in a non-trivial way. Users should upgrade to Apache Superset 1.4.0 or higher."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": [
{}
],
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-522 Insufficiently Protected Credentials"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://lists.apache.org/thread/xww1pccs2ckb5506wrf1v4lmxg198vkb",
"refsource": "MISC",
"url": "https://lists.apache.org/thread/xww1pccs2ckb5506wrf1v4lmxg198vkb"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2021-44451",
"datePublished": "2022-02-01T13:16:32.000Z",
"dateReserved": "2021-11-30T00:00:00.000Z",
"dateUpdated": "2024-08-04T04:25:16.474Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-47726 (GCVE-0-2021-47726)
Vulnerability from cvelistv5 – Published: 2025-12-31 18:39 – Updated: 2026-01-02 20:08
VLAI
Title
NuCom 11N Wireless Router 5.07.90 Privilege Escalation via Configuration Backup
Summary
NuCom 11N Wireless Router 5.07.90 contains a privilege escalation vulnerability that allows non-privileged users to access administrative credentials through the configuration backup endpoint. Attackers can send a crafted HTTP GET request to the backup configuration page with a specific cookie to retrieve and decode the admin password in Base64 format.
Severity
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-522 - Insufficiently Protected Credentials
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/49634 | exploit |
| https://www.nucom.es | product |
| https://www.zeroscience.mk/en/vulnerabilities/ZSL… | third-party-advisory |
| https://www.vulncheck.com/advisories/nucom-n-wire… | third-party-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Nucom | NuCom 11N Wireless Router |
Affected:
5.07.90
|
Date Public
2021-03-01 00:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-47726",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-02T20:07:49.550941Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-02T20:08:07.895Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "NuCom 11N Wireless Router",
"vendor": "Nucom",
"versions": [
{
"status": "affected",
"version": "5.07.90"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "LiquidWorm as Gjoko Krstic of Zero Science Lab"
}
],
"datePublic": "2021-03-01T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "NuCom 11N Wireless Router 5.07.90 contains a privilege escalation vulnerability that allows non-privileged users to access administrative credentials through the configuration backup endpoint. Attackers can send a crafted HTTP GET request to the backup configuration page with a specific cookie to retrieve and decode the admin password in Base64 format."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS"
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-522",
"description": "Insufficiently Protected Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-31T18:39:09.345Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "ExploitDB-49634",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/49634"
},
{
"name": "NuCom Vendor Homepage",
"tags": [
"product"
],
"url": "https://www.nucom.es"
},
{
"name": "Zero Science Lab Disclosure (ZSL-2021-5629)",
"tags": [
"third-party-advisory"
],
"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5629.php"
},
{
"name": "VulnCheck Advisory: NuCom 11N Wireless Router 5.07.90 Privilege Escalation via Configuration Backup",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/nucom-n-wireless-router-privilege-escalation-via-configuration-backup"
}
],
"title": "NuCom 11N Wireless Router 5.07.90 Privilege Escalation via Configuration Backup",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2021-47726",
"datePublished": "2025-12-31T18:39:09.345Z",
"dateReserved": "2025-12-07T20:10:09.803Z",
"dateUpdated": "2026-01-02T20:08:07.895Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2021-47741 (GCVE-0-2021-47741)
Vulnerability from cvelistv5 – Published: 2025-12-31 18:39 – Updated: 2026-01-02 20:06
VLAI
Title
ZBL EPON ONU Broadband Router V100R001 Privilege Escalation via Configuration Endpoint
Summary
ZBL EPON ONU Broadband Router V100R001 contains a privilege escalation vulnerability that allows limited administrative users to elevate access by sending requests to configuration endpoints. Attackers can exploit the vulnerability by accessing the configuration backup or password page to disclose the super user password and gain additional privileged functionalities.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-522 - Insufficiently Protected Credentials
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/49737 | exploit |
| http://www.zblchina.com | product |
| https://web.archive.org/web/20211220094023/http:/… | product |
| https://www.zeroscience.mk/en/vulnerabilities/ZSL… | third-party-advisory |
| https://www.vulncheck.com/advisories/zbl-epon-onu… | third-party-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Zblchina | ZBL EPON ONU Broadband Router |
Affected:
1.0
|
Date Public
2021-01-31 00:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-47741",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-02T20:06:38.476226Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-02T20:06:59.504Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "ZBL EPON ONU Broadband Router",
"vendor": "Zblchina",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "LiquidWorm as Gjoko Krstic of Zero Science Lab"
}
],
"datePublic": "2021-01-31T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "ZBL EPON ONU Broadband Router V100R001 contains a privilege escalation vulnerability that allows limited administrative users to elevate access by sending requests to configuration endpoints. Attackers can exploit the vulnerability by accessing the configuration backup or password page to disclose the super user password and gain additional privileged functionalities."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS"
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-522",
"description": "Insufficiently Protected Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-31T18:39:10.193Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "ExploitDB-49737",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/49737"
},
{
"name": "ZBL China Vendor Homepage",
"tags": [
"product"
],
"url": "http://www.zblchina.com"
},
{
"name": "Archived W\u0026D Thailand Vendor Homepage",
"tags": [
"product"
],
"url": "https://web.archive.org/web/20211220094023/http://www.wd-thailand.com/"
},
{
"name": "Zero Science Lab Disclosure (ZSL-2021-5647)",
"tags": [
"third-party-advisory"
],
"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5647.php"
},
{
"name": "VulnCheck Advisory: ZBL EPON ONU Broadband Router V100R001 Privilege Escalation via Configuration Endpoint",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/zbl-epon-onu-broadband-router-vr-privilege-escalation-via-configuration-endpoint"
}
],
"title": "ZBL EPON ONU Broadband Router V100R001 Privilege Escalation via Configuration Endpoint",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2021-47741",
"datePublished": "2025-12-31T18:39:10.193Z",
"dateReserved": "2025-12-23T13:24:04.581Z",
"dateUpdated": "2026-01-02T20:06:59.504Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2021-47759 (GCVE-0-2021-47759)
Vulnerability from cvelistv5 – Published: 2026-01-15 15:52 – Updated: 2026-01-15 17:02
VLAI
Title
MTPutty 1.0.1.21 - SSH Password Disclosure
Summary
MTPutty 1.0.1.21 contains a sensitive information disclosure vulnerability that allows local attackers to view SSH connection passwords through Windows PowerShell process listing. Attackers can run a PowerShell command to retrieve the full command line of MTPutty processes, exposing plaintext SSH credentials.
Severity
6.2 (Medium)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-522 - Insufficiently Protected Credentials
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/50574 | exploit |
| https://ttyplus.com/multi-tabbed-putty/ | product |
Date Public
2021-06-12 00:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-47759",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-15T17:02:10.979041Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-15T17:02:16.609Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "MTPutty",
"vendor": "Ttyplus",
"versions": [
{
"status": "affected",
"version": "1.0.1.21"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Sedat Ozdemir"
}
],
"datePublic": "2021-06-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "MTPutty 1.0.1.21 contains a sensitive information disclosure vulnerability that allows local attackers to view SSH connection passwords through Windows PowerShell process listing. Attackers can run a PowerShell command to retrieve the full command line of MTPutty processes, exposing plaintext SSH credentials."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS"
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-522",
"description": "Insufficiently Protected Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-15T15:52:05.935Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "ExploitDB-50574",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/50574"
},
{
"name": "Official MTPutty Product Homepage",
"tags": [
"product"
],
"url": "https://ttyplus.com/multi-tabbed-putty/"
}
],
"title": "MTPutty 1.0.1.21 - SSH Password Disclosure",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2021-47759",
"datePublished": "2026-01-15T15:52:05.935Z",
"dateReserved": "2026-01-10T16:58:28.313Z",
"dateUpdated": "2026-01-15T17:02:16.609Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2022-0019 (GCVE-0-2022-0019)
Vulnerability from cvelistv5 – Published: 2022-02-10 18:10 – Updated: 2024-09-16 20:06
VLAI
Title
GlobalProtect App: Insufficiently Protected Credentials Vulnerability on Linux
Summary
An insufficiently protected credentials vulnerability exists in the Palo Alto Networks GlobalProtect app on Linux that exposes the hashed credentials of GlobalProtect users that saved their password during previous GlobalProtect app sessions to other local users on the system. The exposed credentials enable a local attacker to authenticate to the GlobalProtect portal or gateway as the target user without knowing of the target user’s plaintext password. This issue impacts: GlobalProtect app 5.1 versions earlier than GlobalProtect app 5.1.10 on Linux. GlobalProtect app 5.2 versions earlier than and including GlobalProtect app 5.2.7 on Linux. GlobalProtect app 5.3 versions earlier than GlobalProtect app 5.3.2 on Linux. This issue does not affect the GlobalProtect app on other platforms.
Severity
4.7 (Medium)
CWE
- CWE-522 - Insufficiently Protected Credentials
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://security.paloaltonetworks.com/CVE-2022-0019 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Palo Alto Networks | GlobalProtect App |
Affected:
5.3 , < 5.3.2
(custom)
Affected: 5.2 , ≤ 5.2.7 (custom) Affected: 5.1 , < 5.1.10 (custom) |
Date Public
2022-02-09 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:18:41.591Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security.paloaltonetworks.com/CVE-2022-0019"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"Linux"
],
"product": "GlobalProtect App",
"vendor": "Palo Alto Networks",
"versions": [
{
"changes": [
{
"at": "5.3.2",
"status": "unaffected"
}
],
"lessThan": "5.3.2",
"status": "affected",
"version": "5.3",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.2.7",
"status": "affected",
"version": "5.2",
"versionType": "custom"
},
{
"changes": [
{
"at": "5.1.10",
"status": "unaffected"
}
],
"lessThan": "5.1.10",
"status": "affected",
"version": "5.1",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "en",
"value": "This issue is applicable only to GlobalProtect app users that save their user credentials for use when authenticating to a GlobalProtect portal."
}
],
"credits": [
{
"lang": "en",
"value": "Palo Alto Networks thanks Josh Wisely and Praveen Bomma of Splunk for discovering and reporting this issue."
}
],
"datePublic": "2022-02-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An insufficiently protected credentials vulnerability exists in the Palo Alto Networks GlobalProtect app on Linux that exposes the hashed credentials of GlobalProtect users that saved their password during previous GlobalProtect app sessions to other local users on the system. The exposed credentials enable a local attacker to authenticate to the GlobalProtect portal or gateway as the target user without knowing of the target user\u2019s plaintext password. This issue impacts: GlobalProtect app 5.1 versions earlier than GlobalProtect app 5.1.10 on Linux. GlobalProtect app 5.2 versions earlier than and including GlobalProtect app 5.2.7 on Linux. GlobalProtect app 5.3 versions earlier than GlobalProtect app 5.3.2 on Linux. This issue does not affect the GlobalProtect app on other platforms."
}
],
"exploits": [
{
"lang": "en",
"value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-522",
"description": "CWE-522 Insufficiently Protected Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-10T18:10:21.000Z",
"orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"shortName": "palo_alto"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security.paloaltonetworks.com/CVE-2022-0019"
}
],
"solutions": [
{
"lang": "en",
"value": "This issue is fixed in GlobalProtect app 5.1.10 on Linux, GlobalProtect app 5.3.2 on Linux, and all later GlobalProtect app versions.\n\nExisting credentials files that are exposed by this issue will be secured when the fixed GlobalProtect app is launched."
}
],
"source": {
"defect": [
"GPC-13843"
],
"discovery": "EXTERNAL"
},
"timeline": [
{
"lang": "en",
"time": "2022-02-09T00:00:00.000Z",
"value": "Initial publication"
}
],
"title": "GlobalProtect App: Insufficiently Protected Credentials Vulnerability on Linux",
"workarounds": [
{
"lang": "en",
"value": "Users should not save their credentials until the GlobalProtect app is upgraded to a fixed version.\n\nGlobalProtect portal administrators can prevent GlobalProtect app users from saving their credentials on the next connection to the GlobalProtect portal by preventing \u2018Save User Credentials\u2019 from the portal agent configuration as described here:\n\nhttps://docs.paloaltonetworks.com/globalprotect/10-1/globalprotect-admin/globalprotect-apps/deploy-app-settings-transparently/customizable-app-settings/user-behavior-options.html"
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@paloaltonetworks.com",
"DATE_PUBLIC": "2022-02-09T17:00:00.000Z",
"ID": "CVE-2022-0019",
"STATE": "PUBLIC",
"TITLE": "GlobalProtect App: Insufficiently Protected Credentials Vulnerability on Linux"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "GlobalProtect App",
"version": {
"version_data": [
{
"platform": "Linux",
"version_affected": "\u003c",
"version_name": "5.3",
"version_value": "5.3.2"
},
{
"platform": "Linux",
"version_affected": "\u003c=",
"version_name": "5.2",
"version_value": "5.2.7"
},
{
"platform": "Linux",
"version_affected": "!\u003e=",
"version_name": "5.3",
"version_value": "5.3.2"
},
{
"platform": "Linux",
"version_affected": "\u003c",
"version_name": "5.1",
"version_value": "5.1.10"
},
{
"platform": "Linux",
"version_affected": "!\u003e=",
"version_name": "5.1",
"version_value": "5.1.10"
}
]
}
}
]
},
"vendor_name": "Palo Alto Networks"
}
]
}
},
"configuration": [
{
"lang": "en",
"value": "This issue is applicable only to GlobalProtect app users that save their user credentials for use when authenticating to a GlobalProtect portal."
}
],
"credit": [
{
"lang": "eng",
"value": "Palo Alto Networks thanks Josh Wisely and Praveen Bomma of Splunk for discovering and reporting this issue."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An insufficiently protected credentials vulnerability exists in the Palo Alto Networks GlobalProtect app on Linux that exposes the hashed credentials of GlobalProtect users that saved their password during previous GlobalProtect app sessions to other local users on the system. The exposed credentials enable a local attacker to authenticate to the GlobalProtect portal or gateway as the target user without knowing of the target user\u2019s plaintext password. This issue impacts: GlobalProtect app 5.1 versions earlier than GlobalProtect app 5.1.10 on Linux. GlobalProtect app 5.2 versions earlier than and including GlobalProtect app 5.2.7 on Linux. GlobalProtect app 5.3 versions earlier than GlobalProtect app 5.3.2 on Linux. This issue does not affect the GlobalProtect app on other platforms."
}
]
},
"exploit": [
{
"lang": "en",
"value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-522 Insufficiently Protected Credentials"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security.paloaltonetworks.com/CVE-2022-0019",
"refsource": "MISC",
"url": "https://security.paloaltonetworks.com/CVE-2022-0019"
}
]
},
"solution": [
{
"lang": "en",
"value": "This issue is fixed in GlobalProtect app 5.1.10 on Linux, GlobalProtect app 5.3.2 on Linux, and all later GlobalProtect app versions.\n\nExisting credentials files that are exposed by this issue will be secured when the fixed GlobalProtect app is launched."
}
],
"source": {
"defect": [
"GPC-13843"
],
"discovery": "EXTERNAL"
},
"timeline": [
{
"lang": "en",
"time": "2022-02-09T00:00:00.000Z",
"value": "Initial publication"
}
],
"work_around": [
{
"lang": "en",
"value": "Users should not save their credentials until the GlobalProtect app is upgraded to a fixed version.\n\nGlobalProtect portal administrators can prevent GlobalProtect app users from saving their credentials on the next connection to the GlobalProtect portal by preventing \u2018Save User Credentials\u2019 from the portal agent configuration as described here:\n\nhttps://docs.paloaltonetworks.com/globalprotect/10-1/globalprotect-admin/globalprotect-apps/deploy-app-settings-transparently/customizable-app-settings/user-behavior-options.html"
}
],
"x_advisoryEoL": true,
"x_affectedList": [
"GlobalProtect App 5.3.1",
"GlobalProtect App 5.3.0",
"GlobalProtect App 5.3",
"GlobalProtect App 5.2.7",
"GlobalProtect App 5.2.6",
"GlobalProtect App 5.2.5",
"GlobalProtect App 5.2.4",
"GlobalProtect App 5.2.3",
"GlobalProtect App 5.2.2",
"GlobalProtect App 5.2.1",
"GlobalProtect App 5.2.0",
"GlobalProtect App 5.2",
"GlobalProtect App 5.1.9",
"GlobalProtect App 5.1.8",
"GlobalProtect App 5.1.7",
"GlobalProtect App 5.1.6",
"GlobalProtect App 5.1.5",
"GlobalProtect App 5.1.4",
"GlobalProtect App 5.1.3",
"GlobalProtect App 5.1.1",
"GlobalProtect App 5.1.0",
"GlobalProtect App 5.1"
],
"x_likelyAffectedList": [
"GlobalProtect App 5.0.10",
"GlobalProtect App 5.0.9",
"GlobalProtect App 5.0.8",
"GlobalProtect App 5.0.7",
"GlobalProtect App 5.0.6",
"GlobalProtect App 5.0.5",
"GlobalProtect App 5.0.4",
"GlobalProtect App 5.0.3",
"GlobalProtect App 5.0.2",
"GlobalProtect App 5.0.1",
"GlobalProtect App 5.0.0",
"GlobalProtect App 5.0",
"GlobalProtect App 4.1.13",
"GlobalProtect App 4.1.12",
"GlobalProtect App 4.1.11",
"GlobalProtect App 4.1.10",
"GlobalProtect App 4.1.9",
"GlobalProtect App 4.1.8",
"GlobalProtect App 4.1.7",
"GlobalProtect App 4.1.6",
"GlobalProtect App 4.1.5",
"GlobalProtect App 4.1.4",
"GlobalProtect App 4.1.3",
"GlobalProtect App 4.1.2",
"GlobalProtect App 4.1.1",
"GlobalProtect App 4.1.0",
"GlobalProtect App 4.1",
"GlobalProtect App 4.0.8",
"GlobalProtect App 4.0.7",
"GlobalProtect App 4.0.6",
"GlobalProtect App 4.0.5",
"GlobalProtect App 4.0.4",
"GlobalProtect App 4.0.3",
"GlobalProtect App 4.0.2",
"GlobalProtect App 4.0.0",
"GlobalProtect App 4.0",
"GlobalProtect App 3.1.6",
"GlobalProtect App 3.1.5",
"GlobalProtect App 3.1.4",
"GlobalProtect App 3.1.3",
"GlobalProtect App 3.1.1",
"GlobalProtect App 3.1.0",
"GlobalProtect App 3.1",
"GlobalProtect App 3.0.3",
"GlobalProtect App 3.0.2",
"GlobalProtect App 3.0.1",
"GlobalProtect App 3.0.0",
"GlobalProtect App 3.0",
"GlobalProtect App 2.3.5",
"GlobalProtect App 2.3.4",
"GlobalProtect App 2.3.3",
"GlobalProtect App 2.3.2",
"GlobalProtect App 2.3.1",
"GlobalProtect App 2.3.0",
"GlobalProtect App 2.3",
"GlobalProtect App 2.2.2",
"GlobalProtect App 2.2.1",
"GlobalProtect App 2.2.0",
"GlobalProtect App 2.2",
"GlobalProtect App 2.1.4",
"GlobalProtect App 2.1.3",
"GlobalProtect App 2.1.2",
"GlobalProtect App 2.1.1",
"GlobalProtect App 2.1.0",
"GlobalProtect App 2.1",
"GlobalProtect App 2.0.5",
"GlobalProtect App 2.0.4",
"GlobalProtect App 2.0.3",
"GlobalProtect App 2.0.2",
"GlobalProtect App 2.0.1",
"GlobalProtect App 2.0.0",
"GlobalProtect App 2.0",
"GlobalProtect App 1.2.11",
"GlobalProtect App 1.2.10",
"GlobalProtect App 1.2.9",
"GlobalProtect App 1.2.8",
"GlobalProtect App 1.2.7",
"GlobalProtect App 1.2.6",
"GlobalProtect App 1.2.5",
"GlobalProtect App 1.2.4",
"GlobalProtect App 1.2.3",
"GlobalProtect App 1.2.2",
"GlobalProtect App 1.2.1",
"GlobalProtect App 1.2.0",
"GlobalProtect App 1.2",
"GlobalProtect App 1.1.8",
"GlobalProtect App 1.1.7",
"GlobalProtect App 1.1.6",
"GlobalProtect App 1.1.5",
"GlobalProtect App 1.1.4",
"GlobalProtect App 1.1.3",
"GlobalProtect App 1.1.2",
"GlobalProtect App 1.1.1",
"GlobalProtect App 1.1.0",
"GlobalProtect App 1.1",
"GlobalProtect App 1.0.8",
"GlobalProtect App 1.0.7",
"GlobalProtect App 1.0.5",
"GlobalProtect App 1.0.3",
"GlobalProtect App 1.0.1",
"GlobalProtect App 1.0"
]
}
}
},
"cveMetadata": {
"assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"assignerShortName": "palo_alto",
"cveId": "CVE-2022-0019",
"datePublished": "2022-02-10T18:10:21.940Z",
"dateReserved": "2021-12-28T00:00:00.000Z",
"dateUpdated": "2024-09-16T20:06:53.694Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-0718 (GCVE-0-2022-0718)
Vulnerability from cvelistv5 – Published: 2022-08-29 14:03 – Updated: 2024-08-02 23:40
VLAI
Summary
A flaw was found in python-oslo-utils. Due to improper parsing, passwords with a double quote ( " ) in them cause incorrect masking in debug logs, causing any part of the password after the double quote to be plaintext.
Severity
No CVSS data available.
CWE
- CWE-522 - - Insufficiently Protected Credentials
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=2056850 | x_refsource_MISC |
| https://bugs.launchpad.net/oslo.utils/+bug/1949623 | x_refsource_MISC |
| https://opendev.org/openstack/oslo.utils/commit/6… | x_refsource_MISC |
| https://security-tracker.debian.org/tracker/CVE-2… | x_refsource_MISC |
| https://access.redhat.com/security/cve/CVE-2022-0718 | x_refsource_MISC |
| https://lists.debian.org/debian-lts-announce/2022… | mailing-listx_refsource_MLIST |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | openstack/python-oslo.utils |
Affected:
Affects all versions, Fixed in 4.10.1, 4.12.1.
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:40:03.318Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2056850"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.launchpad.net/oslo.utils/+bug/1949623"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://opendev.org/openstack/oslo.utils/commit/6e17ae1f7959c64dfd20a5f67edf422e702426aa"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2022-0718"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2022-0718"
},
{
"name": "[debian-lts-announce] 20220913 [SECURITY] [DLA 3106-1] python-oslo.utils security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00015.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "openstack/python-oslo.utils",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Affects all versions, Fixed in 4.10.1, 4.12.1."
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in python-oslo-utils. Due to improper parsing, passwords with a double quote ( \" ) in them cause incorrect masking in debug logs, causing any part of the password after the double quote to be plaintext."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-522",
"description": "CWE-522 - Insufficiently Protected Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-13T15:06:20.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2056850"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.launchpad.net/oslo.utils/+bug/1949623"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://opendev.org/openstack/oslo.utils/commit/6e17ae1f7959c64dfd20a5f67edf422e702426aa"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2022-0718"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://access.redhat.com/security/cve/CVE-2022-0718"
},
{
"name": "[debian-lts-announce] 20220913 [SECURITY] [DLA 3106-1] python-oslo.utils security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00015.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2022-0718",
"datePublished": "2022-08-29T14:03:04.000Z",
"dateReserved": "2022-02-22T00:00:00.000Z",
"dateUpdated": "2024-08-02T23:40:03.318Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Mitigation
Phase: Architecture and Design
Description:
- Use an appropriate security mechanism to protect the credentials.
Mitigation
Phase: Architecture and Design
Description:
- Make appropriate use of cryptography to protect the credentials.
Mitigation
Phase: Implementation
Description:
- Use industry standards to protect the credentials (e.g. LDAP, keystore, etc.).
CAPEC-102: Session Sidejacking
Session sidejacking takes advantage of an unencrypted communication channel between a victim and target system. The attacker sniffs traffic on a network looking for session tokens in unencrypted traffic. Once a session token is captured, the attacker performs malicious actions by using the stolen token with the targeted application to impersonate the victim. This attack is a specific method of session hijacking, which is exploiting a valid session token to gain unauthorized access to a target system or information. Other methods to perform a session hijacking are session fixation, cross-site scripting, or compromising a user or server machine and stealing the session token.
CAPEC-474: Signature Spoofing by Key Theft
An attacker obtains an authoritative or reputable signer's private signature key by theft and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.
CAPEC-50: Password Recovery Exploitation
An attacker may take advantage of the application feature to help users recover their forgotten passwords in order to gain access into the system with the same privileges as the original user. Generally password recovery schemes tend to be weak and insecure.
CAPEC-509: Kerberoasting
Through the exploitation of how service accounts leverage Kerberos authentication with Service Principal Names (SPNs), the adversary obtains and subsequently cracks the hashed credentials of a service account target to exploit its privileges. The Kerberos authentication protocol centers around a ticketing system which is used to request/grant access to services and to then access the requested services. As an authenticated user, the adversary may request Active Directory and obtain a service ticket with portions encrypted via RC4 with the private key of the authenticated account. By extracting the local ticket and saving it disk, the adversary can brute force the hashed value to reveal the target account credentials.
CAPEC-551: Modify Existing Service
When an operating system starts, it also starts programs called services or daemons. Modifying existing services may break existing services or may enable services that are disabled/not commonly used.
CAPEC-555: Remote Services with Stolen Credentials
This pattern of attack involves an adversary that uses stolen credentials to leverage remote services such as RDP, telnet, SSH, and VNC to log into a system. Once access is gained, any number of malicious activities could be performed.
CAPEC-560: Use of Known Domain Credentials
An adversary guesses or obtains (i.e. steals or purchases) legitimate credentials (e.g. userID/password) to achieve authentication and to perform authorized actions under the guise of an authenticated user or service.
CAPEC-561: Windows Admin Shares with Stolen Credentials
An adversary guesses or obtains (i.e. steals or purchases) legitimate Windows administrator credentials (e.g. userID/password) to access Windows Admin Shares on a local machine or within a Windows domain.
CAPEC-600: Credential Stuffing
An adversary tries known username/password combinations against different systems, applications, or services to gain additional authenticated access. Credential Stuffing attacks rely upon the fact that many users leverage the same username/password combination for multiple systems, applications, and services.
CAPEC-644: Use of Captured Hashes (Pass The Hash)
An adversary obtains (i.e. steals or purchases) legitimate Windows domain credential hash values to access systems within the domain that leverage the Lan Man (LM) and/or NT Lan Man (NTLM) authentication protocols.
CAPEC-645: Use of Captured Tickets (Pass The Ticket)
An adversary uses stolen Kerberos tickets to access systems/resources that leverage the Kerberos authentication protocol. The Kerberos authentication protocol centers around a ticketing system which is used to request/grant access to services and to then access the requested services. An adversary can obtain any one of these tickets (e.g. Service Ticket, Ticket Granting Ticket, Silver Ticket, or Golden Ticket) to authenticate to a system/resource without needing the account's credentials. Depending on the ticket obtained, the adversary may be able to access a particular resource or generate TGTs for any account within an Active Directory Domain.
CAPEC-652: Use of Known Kerberos Credentials
An adversary obtains (i.e. steals or purchases) legitimate Kerberos credentials (e.g. Kerberos service account userID/password or Kerberos Tickets) with the goal of achieving authenticated access to additional systems, applications, or services within the domain.
CAPEC-653: Use of Known Operating System Credentials
An adversary guesses or obtains (i.e. steals or purchases) legitimate operating system credentials (e.g. userID/password) to achieve authentication and to perform authorized actions on the system, under the guise of an authenticated user or service. This applies to any Operating System.