A password management issue exists where the Organization authentication username and password were stored in plaintext in log files. A…
juniper·CWE-256·Published 2019-04-10
A password management issue exists where the Organization authentication username and password were stored in plaintext in log files. A locally authenticated attacker who is able to access these stored plaintext credentials can use them to login to the Organization. Affected products are: Juniper Networks Service Insight versions from 15.1R1, prior to 18.1R1. Service Now versions from 15.1R1, prior to 18.1R1.
A password management issue exists where the Organization authentication username and password were stored in plaintext in log files. A locally authenticated attacker who is able to access these stored plaintext credentials can use them to login to the Organization. Affected products are: Juniper Networks Service Insight versions from 15.1R1, prior to 18.1R1. Service Now versions from 15.1R1, prior to 18.1R1.
Se presenta un problema de administración de contraseña donde el nombre de usuario y la contraseña de autenticación de la Organización fueron almacenadas en texto plano en los archivos de registro. Un atacante autenticado localmente que es capaz de acceder a estas credenciales almacenadas de texto plano puede usarlas para iniciar sesión en la Organización. Los productos afectados son: Juniper Networks Service Insight versiones desde 15.1R1, anterior a 18.1R1. Service Now versiones desde 15.1R1, anterior a 18.1R1.
| Version | Type | Source | Base | Exp | Impact | Vector |
|---|---|---|---|---|---|---|
| 2.0 | Primary | NVD | 2.1 | 3.9 | 2.9 | AV:L/AC:L/Au:N/C:P/I:N/A:N |
| 3.0 | Primary | cve.org | 6.5 | — | — | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N |
| 3.0 | Primary | cve.org | 6.5 | — | — | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N |
| 3.0 | Secondary | NVD | 6.5 | 2.0 | 4.0 | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N |
| 3.1 | Primary | NVD | 7.8 | 1.8 | 5.9 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |