A password mismanagement situation exists in XoruX LPAR2RRD and STOR2RRD before 7.30 because cleartext information is present in HTML password input fields in the device properties. (Viewing the passwords requires configuring a web browser to display HTML password input fields.)
References
Link | Resource |
---|---|
https://github.com/orangecertcc/security-research/security/advisories/GHSA-f3qp-4xqq-2wjx | Third Party Advisory |
https://lpar2rrd.com/note730.php | Release Notes Vendor Advisory |
https://stor2rrd.com/note730.php | Release Notes Vendor Advisory |
https://github.com/orangecertcc/security-research/security/advisories/GHSA-f3qp-4xqq-2wjx | Third Party Advisory |
https://lpar2rrd.com/note730.php | Release Notes Vendor Advisory |
https://stor2rrd.com/note730.php | Release Notes Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 06:27
Type | Values Removed | Values Added |
---|---|---|
References | () https://github.com/orangecertcc/security-research/security/advisories/GHSA-f3qp-4xqq-2wjx - Third Party Advisory | |
References | () https://lpar2rrd.com/note730.php - Release Notes, Vendor Advisory | |
References | () https://stor2rrd.com/note730.php - Release Notes, Vendor Advisory |
29 Jul 2022, 12:46
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://github.com/orangecertcc/security-research/security/advisories/GHSA-f3qp-4xqq-2wjx - Third Party Advisory |
22 Apr 2022, 18:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
10 Nov 2021, 01:55
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-11-08 05:15
Updated : 2024-11-21 06:27
NVD link : CVE-2021-42370
Mitre link : CVE-2021-42370
CVE.ORG link : CVE-2021-42370
JSON object : View
Products Affected
xorux
- lpar2rrd
- stor2rrd
CWE
CWE-312
Cleartext Storage of Sensitive Information