Common Weakness Enumeration

CWE-257

Allowed

Storing Passwords in a Recoverable Format

Abstraction: Base · Status: Incomplete

The storage of passwords in a recoverable format makes them subject to password reuse attacks by malicious users. In fact, it should be noted that recoverable encrypted passwords provide no significant benefit over plaintext passwords since they are subject not only to reuse by malicious attackers but also by malicious insiders. If a system administrator can recover a password directly, or use a brute force search on the available information, the administrator can use the password on other accounts.

115 vulnerabilities reference this CWE, most recent first.

CVE-2021-27485 (GCVE-0-2021-27485)

Vulnerability from cvelistv5 – Published: 2021-06-16 12:16 – Updated: 2024-08-03 21:26
VLAI
Summary
ZOLL Defibrillator Dashboard, v prior to 2.2,The application allows users to store their passwords in a recoverable format, which could allow an attacker to retrieve the credentials from the web browser.
Severity
No CVSS data available.
CWE
  • CWE-257 - STORING PASSWORDS IN A RECOVERABLE FORMAT CWE-257
Assigner
References
Impacted products
Vendor Product Version
n/a ZOLL Defibrillator Dashboard Affected: All versions prior to 2.2
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T21:26:09.022Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://us-cert.cisa.gov/ics/advisories/icsma-21-161-01"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "ZOLL Defibrillator Dashboard",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "All versions prior to 2.2"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "ZOLL Defibrillator Dashboard, v prior to 2.2,The application allows users to store their passwords in a recoverable format, which could allow an attacker to retrieve the credentials from the web browser."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-257",
              "description": "STORING PASSWORDS IN A RECOVERABLE FORMAT CWE-257",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-06-16T12:16:47.000Z",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://us-cert.cisa.gov/ics/advisories/icsma-21-161-01"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "ID": "CVE-2021-27485",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "ZOLL Defibrillator Dashboard",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions prior to 2.2"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "ZOLL Defibrillator Dashboard, v prior to 2.2,The application allows users to store their passwords in a recoverable format, which could allow an attacker to retrieve the credentials from the web browser."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "STORING PASSWORDS IN A RECOVERABLE FORMAT CWE-257"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://us-cert.cisa.gov/ics/advisories/icsma-21-161-01",
              "refsource": "MISC",
              "url": "https://us-cert.cisa.gov/ics/advisories/icsma-21-161-01"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2021-27485",
    "datePublished": "2021-06-16T12:16:47.000Z",
    "dateReserved": "2021-02-19T00:00:00.000Z",
    "dateUpdated": "2024-08-03T21:26:09.022Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-0220 (GCVE-0-2021-0220)

Vulnerability from cvelistv5 – Published: 2021-01-15 17:36 – Updated: 2024-09-16 22:20
VLAI
Title
Junos Space: Shared secrets stored in recoverable format and directly exposed through the UI
Summary
The Junos Space Network Management Platform has been found to store shared secrets in a recoverable format that can be exposed through the UI. An attacker who is able to execute arbitrary code in the victim browser (for example via XSS) or access cached contents may be able to obtain a copy of credentials managed by Junos Space. The impact of a successful attack includes, but is not limited to, obtaining access to other servers connected to the Junos Space Management Platform. This issue affects Juniper Networks Junos Space versions prior to 20.3R1.
CWE
  • CWE-257 - Storing Passwords in a Recoverable Format
Assigner
References
URL Tags
https://kb.juniper.net/JSA11110 x_refsource_CONFIRM
Impacted products
Vendor Product Version
Juniper Networks Junos Space Affected: unspecified , < 20.3R1 (custom)
Create a notification for this product.
Date Public
2021-01-13 00:00
Credits
Juniper SIRT would like to acknowledge and thank Bruno Colella Garofalo for responsibly reporting this vulnerability.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T15:32:10.029Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kb.juniper.net/JSA11110"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Junos Space",
          "vendor": "Juniper Networks",
          "versions": [
            {
              "lessThan": "20.3R1",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Juniper SIRT would like to acknowledge and thank Bruno Colella Garofalo for responsibly reporting this vulnerability."
        }
      ],
      "datePublic": "2021-01-13T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "The Junos Space Network Management Platform has been found to store shared secrets in a recoverable format that can be exposed through the UI. An attacker who is able to execute arbitrary code in the victim browser (for example via XSS) or access cached contents may be able to obtain a copy of credentials managed by Junos Space. The impact of a successful attack includes, but is not limited to, obtaining access to other servers connected to the Junos Space Management Platform. This issue affects Juniper Networks Junos Space versions prior to 20.3R1."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-257",
              "description": "CWE-257 Storing Passwords in a Recoverable Format",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-01-15T17:36:01.000Z",
        "orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
        "shortName": "juniper"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kb.juniper.net/JSA11110"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "The following software releases have been updated to resolve these specific issues: Junos Space 20.3R1, and all subsequent releases."
        }
      ],
      "source": {
        "advisory": "JSA11110",
        "defect": [
          "1519331"
        ],
        "discovery": "EXTERNAL"
      },
      "title": "Junos Space: Shared secrets stored in recoverable format and directly exposed through the UI",
      "workarounds": [
        {
          "lang": "en",
          "value": "There are no viable workarounds for this issue.\n\nTo reduce the risk of exploitation of these issues, use access lists or firewall filters to limit access to Junos Space to only trusted administrative networks, hosts and users."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "sirt@juniper.net",
          "DATE_PUBLIC": "2021-01-13T17:00:00.000Z",
          "ID": "CVE-2021-0220",
          "STATE": "PUBLIC",
          "TITLE": "Junos Space: Shared secrets stored in recoverable format and directly exposed through the UI"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Junos Space",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "20.3R1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Juniper Networks"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Juniper SIRT would like to acknowledge and thank Bruno Colella Garofalo for responsibly reporting this vulnerability."
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The Junos Space Network Management Platform has been found to store shared secrets in a recoverable format that can be exposed through the UI. An attacker who is able to execute arbitrary code in the victim browser (for example via XSS) or access cached contents may be able to obtain a copy of credentials managed by Junos Space. The impact of a successful attack includes, but is not limited to, obtaining access to other servers connected to the Junos Space Management Platform. This issue affects Juniper Networks Junos Space versions prior to 20.3R1."
            }
          ]
        },
        "exploit": [
          {
            "lang": "en",
            "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
          }
        ],
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-257 Storing Passwords in a Recoverable Format"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://kb.juniper.net/JSA11110",
              "refsource": "CONFIRM",
              "url": "https://kb.juniper.net/JSA11110"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "The following software releases have been updated to resolve these specific issues: Junos Space 20.3R1, and all subsequent releases."
          }
        ],
        "source": {
          "advisory": "JSA11110",
          "defect": [
            "1519331"
          ],
          "discovery": "EXTERNAL"
        },
        "work_around": [
          {
            "lang": "en",
            "value": "There are no viable workarounds for this issue.\n\nTo reduce the risk of exploitation of these issues, use access lists or firewall filters to limit access to Junos Space to only trusted administrative networks, hosts and users."
          }
        ]
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
    "assignerShortName": "juniper",
    "cveId": "CVE-2021-0220",
    "datePublished": "2021-01-15T17:36:01.350Z",
    "dateReserved": "2020-10-27T00:00:00.000Z",
    "dateUpdated": "2024-09-16T22:20:15.866Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-8296 (GCVE-0-2020-8296)

Vulnerability from cvelistv5 – Published: 2021-03-03 17:40 – Updated: 2024-08-04 09:56
VLAI
Summary
Nextcloud Server prior to 20.0.0 stores passwords in a recoverable format even when external storage is not configured.
Severity
No CVSS data available.
CWE
  • CWE-257 - Storing Passwords in a Recoverable Format (CWE-257)
Assigner
Impacted products
Vendor Product Version
n/a Nextcloud Server Affected: Fixed in 20.0.0
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T09:56:28.293Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://hackerone.com/reports/867164"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://nextcloud.com/security/advisory/?id=NC-SA-2021-006"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/nextcloud/server/pull/21037"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/nextcloud/server/issues/17439"
          },
          {
            "name": "FEDORA-2021-eac0e52f88",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L6BO6P6MP2MOWA6PZRXX32PLWPXN5O4S/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Nextcloud Server",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Fixed in 20.0.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Nextcloud Server prior to 20.0.0 stores passwords in a recoverable format even when external storage is not configured."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-257",
              "description": "Storing Passwords in a Recoverable Format (CWE-257)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-07-09T08:08:37.000Z",
        "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
        "shortName": "hackerone"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://hackerone.com/reports/867164"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://nextcloud.com/security/advisory/?id=NC-SA-2021-006"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/nextcloud/server/pull/21037"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/nextcloud/server/issues/17439"
        },
        {
          "name": "FEDORA-2021-eac0e52f88",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L6BO6P6MP2MOWA6PZRXX32PLWPXN5O4S/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "support@hackerone.com",
          "ID": "CVE-2020-8296",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Nextcloud Server",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Fixed in 20.0.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Nextcloud Server prior to 20.0.0 stores passwords in a recoverable format even when external storage is not configured."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Storing Passwords in a Recoverable Format (CWE-257)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://hackerone.com/reports/867164",
              "refsource": "MISC",
              "url": "https://hackerone.com/reports/867164"
            },
            {
              "name": "https://nextcloud.com/security/advisory/?id=NC-SA-2021-006",
              "refsource": "MISC",
              "url": "https://nextcloud.com/security/advisory/?id=NC-SA-2021-006"
            },
            {
              "name": "https://github.com/nextcloud/server/pull/21037",
              "refsource": "MISC",
              "url": "https://github.com/nextcloud/server/pull/21037"
            },
            {
              "name": "https://github.com/nextcloud/server/issues/17439",
              "refsource": "MISC",
              "url": "https://github.com/nextcloud/server/issues/17439"
            },
            {
              "name": "FEDORA-2021-eac0e52f88",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L6BO6P6MP2MOWA6PZRXX32PLWPXN5O4S/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
    "assignerShortName": "hackerone",
    "cveId": "CVE-2020-8296",
    "datePublished": "2021-03-03T17:40:33.000Z",
    "dateReserved": "2020-01-28T00:00:00.000Z",
    "dateUpdated": "2024-08-04T09:56:28.293Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-1010241 (GCVE-0-2019-1010241)

Vulnerability from cvelistv5 – Published: 2019-07-19 16:36 – Updated: 2024-08-05 03:07
VLAI
Summary
Jenkins Credentials Binding Plugin Jenkins 1.17 is affected by: CWE-257: Storing Passwords in a Recoverable Format. The impact is: Authenticated users can recover credentials. The component is: config-variables.jelly line #30 (passwordVariable). The attack vector is: Attacker creates and executes a Jenkins job.
Severity
No CVSS data available.
CWE
  • CWE-257 - Storing Passwords in a Recoverable Format
Assigner
dwf
References
Impacted products
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T03:07:18.552Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://docs.google.com/document/d/1MBEoJSMvkjp5Kua0bRD_kiDBisL0fOCwTL9uMWj4lGA/edit?usp=sharing"
          },
          {
            "name": "109320",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/109320"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Jenkins",
          "vendor": "Jenkins Credentials Binding Plugin",
          "versions": [
            {
              "status": "affected",
              "version": "1.17"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Jenkins Credentials Binding Plugin Jenkins 1.17 is affected by: CWE-257: Storing Passwords in a Recoverable Format. The impact is: Authenticated users can recover credentials. The component is: config-variables.jelly line #30 (passwordVariable). The attack vector is: Attacker creates and executes a Jenkins job."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-257",
              "description": "CWE-257: Storing Passwords in a Recoverable Format",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-07-26T07:06:04.000Z",
        "orgId": "7556d962-6fb7-411e-85fa-6cd62f095ba8",
        "shortName": "dwf"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://docs.google.com/document/d/1MBEoJSMvkjp5Kua0bRD_kiDBisL0fOCwTL9uMWj4lGA/edit?usp=sharing"
        },
        {
          "name": "109320",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/109320"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve-assign@distributedweaknessfiling.org",
          "ID": "CVE-2019-1010241",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Jenkins",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "1.17"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Jenkins Credentials Binding Plugin"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Jenkins Credentials Binding Plugin Jenkins 1.17 is affected by: CWE-257: Storing Passwords in a Recoverable Format. The impact is: Authenticated users can recover credentials. The component is: config-variables.jelly line #30 (passwordVariable). The attack vector is: Attacker creates and executes a Jenkins job."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-257: Storing Passwords in a Recoverable Format"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://docs.google.com/document/d/1MBEoJSMvkjp5Kua0bRD_kiDBisL0fOCwTL9uMWj4lGA/edit?usp=sharing",
              "refsource": "MISC",
              "url": "https://docs.google.com/document/d/1MBEoJSMvkjp5Kua0bRD_kiDBisL0fOCwTL9uMWj4lGA/edit?usp=sharing"
            },
            {
              "name": "109320",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/109320"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7556d962-6fb7-411e-85fa-6cd62f095ba8",
    "assignerShortName": "dwf",
    "cveId": "CVE-2019-1010241",
    "datePublished": "2019-07-19T16:36:02.000Z",
    "dateReserved": "2019-03-20T00:00:00.000Z",
    "dateUpdated": "2024-08-05T03:07:18.552Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-19096 (GCVE-0-2019-19096)

Vulnerability from cvelistv5 – Published: 2020-04-02 19:48 – Updated: 2024-08-05 02:09
VLAI
Title
ABB eSOMS: REDIS clear text credentials
Summary
The Redis data structure component used in ABB eSOMS versions 6.0 to 6.0.2 stores credentials in clear text. If an attacker has file system access, this can potentially compromise the credentials' confidentiality.
CWE
  • CWE-257 - Storing Passwords in a Recoverable Format
Assigner
ABB
References
Impacted products
Vendor Product Version
ABB eSOMS Affected: 6.0 to 6.0.2
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T02:09:39.348Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A9964\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "eSOMS",
          "vendor": "ABB",
          "versions": [
            {
              "status": "affected",
              "version": "6.0 to 6.0.2"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The Redis data structure component used in ABB eSOMS versions 6.0 to 6.0.2 stores credentials in clear text. If an attacker has file system access, this can potentially compromise the credentials\u0027 confidentiality."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-257",
              "description": "CWE-257 Storing Passwords in a Recoverable Format",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-04-02T19:48:02.000Z",
        "orgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
        "shortName": "ABB"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A9964\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "ABB eSOMS: REDIS clear text credentials",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cybersecurity@ch.abb.com",
          "ID": "CVE-2019-19096",
          "STATE": "PUBLIC",
          "TITLE": "ABB eSOMS: REDIS clear text credentials"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "eSOMS",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0 to 6.0.2"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "ABB"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The Redis data structure component used in ABB eSOMS versions 6.0 to 6.0.2 stores credentials in clear text. If an attacker has file system access, this can potentially compromise the credentials\u0027 confidentiality."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-257 Storing Passwords in a Recoverable Format"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A9964\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch",
              "refsource": "CONFIRM",
              "url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A9964\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
            }
          ]
        },
        "source": {
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
    "assignerShortName": "ABB",
    "cveId": "CVE-2019-19096",
    "datePublished": "2020-04-02T19:48:02.000Z",
    "dateReserved": "2019-11-18T00:00:00.000Z",
    "dateUpdated": "2024-08-05T02:09:39.348Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-18256 (GCVE-0-2019-18256)

Vulnerability from cvelistv5 – Published: 2020-06-29 13:56 – Updated: 2024-08-05 01:47
VLAI
Summary
BIOTRONIK CardioMessenger II, The affected products use individual per-device credentials that are stored in a recoverable format. An attacker with physical access to the CardioMessenger can use these credentials for network authentication and decryption of local data in transit.
Severity
No CVSS data available.
CWE
  • CWE-257 - STORING PASSWORDS IN A RECOVERABLE FORMAT CWE-257
Assigner
References
Impacted products
Vendor Product Version
n/a BIOTRONIK CardioMessenger II-S T-Line, CardioMessenger II-S GSM Affected: CardioMessenger II-S T-Line T4APP 2.20, CardioMessenger II-S GSM T4APP 2.20
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T01:47:14.076Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.us-cert.gov/ics/advisories/icsma-20-170-05"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "BIOTRONIK CardioMessenger II-S T-Line, CardioMessenger II-S GSM",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "CardioMessenger II-S T-Line T4APP 2.20, CardioMessenger II-S GSM T4APP 2.20"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "BIOTRONIK CardioMessenger II, The affected products use individual per-device credentials that are stored in a recoverable format. An attacker with physical access to the CardioMessenger can use these credentials for network authentication and decryption of local data in transit."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-257",
              "description": "STORING PASSWORDS IN A RECOVERABLE FORMAT CWE-257",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-06-29T13:56:28.000Z",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.us-cert.gov/ics/advisories/icsma-20-170-05"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "ID": "CVE-2019-18256",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "BIOTRONIK CardioMessenger II-S T-Line, CardioMessenger II-S GSM",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "CardioMessenger II-S T-Line T4APP 2.20, CardioMessenger II-S GSM T4APP 2.20"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "BIOTRONIK CardioMessenger II, The affected products use individual per-device credentials that are stored in a recoverable format. An attacker with physical access to the CardioMessenger can use these credentials for network authentication and decryption of local data in transit."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "STORING PASSWORDS IN A RECOVERABLE FORMAT CWE-257"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.us-cert.gov/ics/advisories/icsma-20-170-05",
              "refsource": "MISC",
              "url": "https://www.us-cert.gov/ics/advisories/icsma-20-170-05"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2019-18256",
    "datePublished": "2020-06-29T13:56:28.000Z",
    "dateReserved": "2019-10-22T00:00:00.000Z",
    "dateUpdated": "2024-08-05T01:47:14.076Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-6567 (GCVE-0-2019-6567)

Vulnerability from cvelistv5 – Published: 2019-06-12 13:47 – Updated: 2024-08-04 20:23
VLAI
Summary
A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All Versions < V5.2.4), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.5.0), SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants) (All versions < V4.1.3), SCALANCE X-414-3E (All versions). The affected devices store passwords in a recoverable format. An attacker may extract and recover device passwords from the device configuration. Successful exploitation requires access to a device configuration backup and impacts confidentiality of the stored passwords.
Severity
No CVSS data available.
CWE
  • CWE-257 - Storing Passwords in a Recoverable Format
Assigner
References
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T20:23:22.108Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-646841.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "SCALANCE X-200 switch family (incl. SIPLUS NET variants)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All Versions \u003c V5.2.4"
            }
          ]
        },
        {
          "product": "SCALANCE X-200IRT switch family (incl. SIPLUS NET variants)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.5.0"
            }
          ]
        },
        {
          "product": "SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.1.3"
            }
          ]
        },
        {
          "product": "SCALANCE X-414-3E",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All Versions \u003c V5.2.4), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions \u003c V5.5.0), SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants) (All versions \u003c V4.1.3), SCALANCE X-414-3E (All versions). The affected devices store passwords in a recoverable format. An attacker may extract and recover device passwords from the device configuration. Successful exploitation requires access to a device configuration backup and impacts confidentiality of the stored passwords."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-257",
              "description": "CWE-257: Storing Passwords in a Recoverable Format",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-02-09T15:38:17.000Z",
        "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "shortName": "siemens"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-646841.pdf"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "productcert@siemens.com",
          "ID": "CVE-2019-6567",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "SCALANCE X-200 switch family (incl. SIPLUS NET variants)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All Versions \u003c V5.2.4"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SCALANCE X-200IRT switch family (incl. SIPLUS NET variants)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V5.5.0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V4.1.3"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SCALANCE X-414-3E",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Siemens"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All Versions \u003c V5.2.4), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions \u003c V5.5.0), SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants) (All versions \u003c V4.1.3), SCALANCE X-414-3E (All versions). The affected devices store passwords in a recoverable format. An attacker may extract and recover device passwords from the device configuration. Successful exploitation requires access to a device configuration backup and impacts confidentiality of the stored passwords."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-257: Storing Passwords in a Recoverable Format"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-646841.pdf",
              "refsource": "MISC",
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-646841.pdf"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
    "assignerShortName": "siemens",
    "cveId": "CVE-2019-6567",
    "datePublished": "2019-06-12T13:47:56.000Z",
    "dateReserved": "2019-01-22T00:00:00.000Z",
    "dateUpdated": "2024-08-04T20:23:22.108Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-5615 (GCVE-0-2019-5615)

Vulnerability from cvelistv5 – Published: 2019-04-09 15:27 – Updated: 2024-09-17 03:02
VLAI
Title
Rapid7 InsightVM Stored Credential Exposure
Summary
Users with Site-level permissions can access files containing the username-encrypted passwords of Security Console Global Administrators and clear-text passwords for restoring backups, as well as the salt for those passwords. Valid credentials are required to access these files and malicious users would still need to perform additional work to decrypt the credentials and escalate privileges. This issue affects: Rapid7 InsightVM versions 6.5.11 through 6.5.49.
CWE
  • CWE-257
  • Storing Passwords in a Recoverable Format
Assigner
References
Impacted products
Vendor Product Version
Rapid7 InsightVM Affected: 6.5.49 , ≤ 6.5.49 (custom)
Affected: 6.5.11 , < 6.5.11* (custom)
Create a notification for this product.
Date Public
2019-01-30 00:00
Credits
This issue was discovered, and reported to Rapid7, by Robert Elliott from IBM Security. It is being disclosed in accordance Rapid7's vulnerability disclosure policy (https://www.rapid7.com/disclosure/).
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T20:01:51.559Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://help.rapid7.com/insightvm/en-us/release-notes/#6.5.50"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "InsightVM",
          "vendor": "Rapid7",
          "versions": [
            {
              "lessThanOrEqual": "6.5.49",
              "status": "affected",
              "version": "6.5.49",
              "versionType": "custom"
            },
            {
              "lessThan": "6.5.11*",
              "status": "affected",
              "version": "6.5.11",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "This issue was discovered, and reported to Rapid7, by Robert Elliott from IBM Security. It is being disclosed in accordance Rapid7\u0027s vulnerability disclosure policy (https://www.rapid7.com/disclosure/)."
        }
      ],
      "datePublic": "2019-01-30T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Users with Site-level permissions can access files containing the username-encrypted passwords of Security Console Global Administrators and clear-text passwords for restoring backups, as well as the salt for those passwords. Valid credentials are required to access these files and malicious users would still need to perform additional work to decrypt the credentials and escalate privileges. This issue affects: Rapid7 InsightVM versions 6.5.11 through 6.5.49."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 3.1,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-257",
              "description": "CWE-257",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "description": "Storing Passwords in a Recoverable Format",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-04-09T15:27:05.000Z",
        "orgId": "9974b330-7714-4307-a722-5648477acda7",
        "shortName": "rapid7"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://help.rapid7.com/insightvm/en-us/release-notes/#6.5.50"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Update the Security Console to version 6.5.50 or later."
        }
      ],
      "source": {
        "defect": [
          "NEX-51442"
        ],
        "discovery": "USER"
      },
      "title": "Rapid7 InsightVM Stored Credential Exposure",
      "x_generator": {
        "engine": "Vulnogram 0.0.6"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@rapid7.com",
          "DATE_PUBLIC": "2019-01-30T14:00:00.000Z",
          "ID": "CVE-2019-5615",
          "STATE": "PUBLIC",
          "TITLE": "Rapid7 InsightVM Stored Credential Exposure"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "InsightVM",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_name": "6.5.49",
                            "version_value": "6.5.49"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_name": "6.5.11",
                            "version_value": "6.5.11"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Rapid7"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "This issue was discovered, and reported to Rapid7, by Robert Elliott from IBM Security. It is being disclosed in accordance Rapid7\u0027s vulnerability disclosure policy (https://www.rapid7.com/disclosure/)."
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Users with Site-level permissions can access files containing the username-encrypted passwords of Security Console Global Administrators and clear-text passwords for restoring backups, as well as the salt for those passwords. Valid credentials are required to access these files and malicious users would still need to perform additional work to decrypt the credentials and escalate privileges. This issue affects: Rapid7 InsightVM versions 6.5.11 through 6.5.49."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.6"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 3.1,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-257"
                }
              ]
            },
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Storing Passwords in a Recoverable Format"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://help.rapid7.com/insightvm/en-us/release-notes/#6.5.50",
              "refsource": "CONFIRM",
              "url": "https://help.rapid7.com/insightvm/en-us/release-notes/#6.5.50"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "Update the Security Console to version 6.5.50 or later."
          }
        ],
        "source": {
          "defect": [
            "NEX-51442"
          ],
          "discovery": "USER"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9974b330-7714-4307-a722-5648477acda7",
    "assignerShortName": "rapid7",
    "cveId": "CVE-2019-5615",
    "datePublished": "2019-04-09T15:27:05.703Z",
    "dateReserved": "2019-01-07T00:00:00.000Z",
    "dateUpdated": "2024-09-17T03:02:06.706Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-3736 (GCVE-0-2019-3736)

Vulnerability from cvelistv5 – Published: 2019-09-27 20:19 – Updated: 2024-09-17 04:10
VLAI
Summary
Dell EMC Integrated Data Protection Appliance versions prior to 2.3 contain a password storage vulnerability in the ACM component. A remote authenticated malicious user with root privileges may potentially use a support tool to decrypt encrypted passwords stored locally on the system to use it to access other components using the privileges of the compromised user.
CWE
  • CWE-257 - Storing Passwords in a Recoverable Format
Assigner
References
Impacted products
Date Public
2019-08-08 00:00
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T19:19:18.261Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.dell.com/support/security/en-us/details/536363/DSA-2019-112-Dell-EMC-Integrated-Data-Protection-Appliance-Multiple-Vulnerabilities"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Integrated Data Protection Appliance",
          "vendor": "Dell",
          "versions": [
            {
              "status": "affected",
              "version": "prior to 2.3"
            }
          ]
        }
      ],
      "datePublic": "2019-08-08T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Dell EMC Integrated Data Protection Appliance versions prior to 2.3 contain a password storage vulnerability in the ACM component. A remote authenticated malicious user with root privileges may potentially use a support tool to decrypt encrypted passwords stored locally on the system to use it to access other components using the privileges of the compromised user."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-257",
              "description": "CWE-257: Storing Passwords in a Recoverable Format",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-09-27T20:19:45.000Z",
        "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "shortName": "dell"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.dell.com/support/security/en-us/details/536363/DSA-2019-112-Dell-EMC-Integrated-Data-Protection-Appliance-Multiple-Vulnerabilities"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@dell.com",
          "DATE_PUBLIC": "2019-08-08",
          "ID": "CVE-2019-3736",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Integrated Data Protection Appliance",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "prior to 2.3"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Dell"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Dell EMC Integrated Data Protection Appliance versions prior to 2.3 contain a password storage vulnerability in the ACM component. A remote authenticated malicious user with root privileges may potentially use a support tool to decrypt encrypted passwords stored locally on the system to use it to access other components using the privileges of the compromised user."
            }
          ]
        },
        "impact": {
          "cvss": {
            "baseScore": 8.2,
            "baseSeverity": "High",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-257: Storing Passwords in a Recoverable Format"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.dell.com/support/security/en-us/details/536363/DSA-2019-112-Dell-EMC-Integrated-Data-Protection-Appliance-Multiple-Vulnerabilities",
              "refsource": "CONFIRM",
              "url": "https://www.dell.com/support/security/en-us/details/536363/DSA-2019-112-Dell-EMC-Integrated-Data-Protection-Appliance-Multiple-Vulnerabilities"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
    "assignerShortName": "dell",
    "cveId": "CVE-2019-3736",
    "datePublished": "2019-09-27T20:19:45.429Z",
    "dateReserved": "2019-01-03T00:00:00.000Z",
    "dateUpdated": "2024-09-17T04:10:25.001Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2018-5446 (GCVE-0-2018-5446)

Vulnerability from cvelistv5 – Published: 2018-05-04 18:00 – Updated: 2025-05-22 17:40
VLAI
Title
Medtronic 2090 Carelink Programmer Storing Passwords in a Recoverable Format
Summary
Medtronic 2090 CareLink Programmer uses a per-product username and password that is stored in a recoverable format.
CWE
Assigner
Impacted products
Date Public
2018-06-29 06:00
Credits
Billy Rios and Jonathan Butts of Whitescope LLC identified these vulnerabilities and reported them to CISA.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T05:33:44.403Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-01"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "2090 CareLink Programmer",
          "vendor": "Medtronic",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "29901 Encore Programmer",
          "vendor": "Medtronic",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Billy Rios and Jonathan Butts of Whitescope LLC identified these vulnerabilities and reported them to CISA."
        }
      ],
      "datePublic": "2018-06-29T06:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eMedtronic 2090 CareLink Programmer \n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003euses a per-product username and password that is stored in a recoverable format. \u003c/span\u003e\n\n\n\n\u003c/p\u003e"
            }
          ],
          "value": "Medtronic 2090 CareLink Programmer \n\nuses a per-product username and password that is stored in a recoverable format."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "PHYSICAL",
            "availabilityImpact": "NONE",
            "baseScore": 4.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-257",
              "description": "CWE-257",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-22T17:40:34.569Z",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "url": "https://global.medtronic.com/xg-en/product-security/security-bulletins/carelink-2090-29901.html"
        },
        {
          "url": "https://www.cisa.gov/news-events/ics-medical-advisories/icsma-18-058-01"
        }
      ],
      "source": {
        "advisory": "ICSMA-18-058-01",
        "discovery": "EXTERNAL"
      },
      "title": "Medtronic 2090 Carelink Programmer Storing Passwords in a Recoverable Format",
      "workarounds": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eMedtronic has assessed the vulnerabilities and determined that no new potential safety risks were identified. In order to enhance system security, Medtronic has added periodic integrity checks for files associated with the software deployment network. Additionally, Medtronic has developed server-side security changes that further enhance security. Medtronic reports that they will not be issuing a product update; however, Medtronic has identified compensating controls within this advisory to reduce the risk of exploitation and reiterates the following from the CareLink 2090 Programmer Reference Manual:\u003c/p\u003e\u003cul\u003e\u003cli\u003eMaintain good physical controls over the programmer. Having a secure physical environment prevents access to the internals of the programmer.\u003c/li\u003e\u003cli\u003eOnly connect the programmer to managed, secure networks.\u003c/li\u003e\u003cli\u003eUpdate the software on the programmer when Medtronic updates are available.\u003c/li\u003e\u003cli\u003eAlternatively, disconnect the programmer from the network. Network connectivity is not required for normal programmer operation. \u003c/li\u003e\u003cli\u003eOffline updates are available, contact your Medtronic representative for more information.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eMedtronic has deployed mitigating patches to address the reported vulnerabilities. Medtronic has also stated that they have increased security controls associated with these vulnerabilities. As a result of the available mitigating patches, Medtronic has re-enabled the network-based software update mechanism.\u003c/p\u003e\u003cp\u003eMedtronic has stated that the patch for affected products can be obtained by contacting Medtronic Technical Services at 800\u2011638\u20111991.\u003cbr\u003e\u003c/p\u003e\u003cp\u003eAfter additional review and risk evaluation of the affected products, Medtronic has disabled the network-based software update mechanism, including both the VPN and the HTTP subservices, as an immediate security mitigation. Users should not attempt to update the affected products over the network as this update mechanism is vulnerable to the attack described in section 4.2.3. Medtronic will continue to implement and deploy increased security protections and mitigations to address the vulnerabilities in this advisory.\u003c/p\u003e\u003cp\u003eUsers should still obtain and apply updates via controlled USB dongles and should contact their Medtronic representative for more information.\u003c/p\u003e\u003cp\u003eMedtronic recommends that affected products continue to be used for their intended purpose in the previously described manner.\u003cbr\u003e\u003cbr\u003eMedtronic has released a security bulletin for the \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.medtronic.com/security\"\u003e2090 CareLink Programmer\u003c/a\u003e.\u003c/p\u003e\n\n\u003cbr\u003e"
            }
          ],
          "value": "Medtronic has assessed the vulnerabilities and determined that no new potential safety risks were identified. In order to enhance system security, Medtronic has added periodic integrity checks for files associated with the software deployment network. Additionally, Medtronic has developed server-side security changes that further enhance security. Medtronic reports that they will not be issuing a product update; however, Medtronic has identified compensating controls within this advisory to reduce the risk of exploitation and reiterates the following from the CareLink 2090 Programmer Reference Manual:\n\n  *  Maintain good physical controls over the programmer. Having a secure physical environment prevents access to the internals of the programmer.\n  *  Only connect the programmer to managed, secure networks.\n  *  Update the software on the programmer when Medtronic updates are available.\n  *  Alternatively, disconnect the programmer from the network. Network connectivity is not required for normal programmer operation. \n  *  Offline updates are available, contact your Medtronic representative for more information.\n\n\nMedtronic has deployed mitigating patches to address the reported vulnerabilities. Medtronic has also stated that they have increased security controls associated with these vulnerabilities. As a result of the available mitigating patches, Medtronic has re-enabled the network-based software update mechanism.\n\nMedtronic has stated that the patch for affected products can be obtained by contacting Medtronic Technical Services at 800\u2011638\u20111991.\n\n\nAfter additional review and risk evaluation of the affected products, Medtronic has disabled the network-based software update mechanism, including both the VPN and the HTTP subservices, as an immediate security mitigation. Users should not attempt to update the affected products over the network as this update mechanism is vulnerable to the attack described in section 4.2.3. Medtronic will continue to implement and deploy increased security protections and mitigations to address the vulnerabilities in this advisory.\n\nUsers should still obtain and apply updates via controlled USB dongles and should contact their Medtronic representative for more information.\n\nMedtronic recommends that affected products continue to be used for their intended purpose in the previously described manner.\n\nMedtronic has released a security bulletin for the  2090 CareLink Programmer https://www.medtronic.com/security ."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "DATE_PUBLIC": "2018-06-29T00:00:00",
          "ID": "CVE-2018-10596",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Medtronic 2090 CareLink Programmer",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2090 CareLink Programmer, all versions."
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "ICS-CERT"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Medtronic 2090 CareLink Programmer all versions The affected product uses a virtual private network connection to securely download updates. The product does not verify it is still connected to this virtual private network before downloading updates. An attacker with local network access to the programmer could influence these communications."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "IMPROPER RESTRICTION OF COMMUNICATION CHANNEL TO INTENDED ENDPOINTS CWE-923"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-01",
              "refsource": "MISC",
              "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-01"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2018-5446",
    "datePublished": "2018-05-04T18:00:00.000Z",
    "dateReserved": "2018-01-12T00:00:00.000Z",
    "dateUpdated": "2025-05-22T17:40:34.569Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Mitigation
Architecture and Design

Use strong, non-reversible encryption to protect stored passwords.

CAPEC-49: Password Brute Forcing

An adversary tries every possible value for a password until they succeed. A brute force attack, if feasible computationally, will always be successful because it will essentially go through all possible passwords given the alphabet used (lower case letters, upper case letters, numbers, symbols, etc.) and the maximum length of the password.