Описание
EMC RSA Authentication Manager 8.0 before P2 and 7.1 before SP4 P26, as used in Appliance 3.0, does not omit the cleartext administrative password from trace logging in custom SDK applications, which allows local users to obtain sensitive information by reading the trace log file.
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:emc:rsa_authentication_manager:7.1:*:*:*:*:*:*:*
cpe:2.3:a:emc:rsa_authentication_manager:7.1:sp2:*:*:*:*:*:*
cpe:2.3:a:emc:rsa_authentication_manager:7.1:sp3:*:*:*:*:*:*
cpe:2.3:a:emc:rsa_authentication_manager:8.0:p1:*:*:*:*:*:*
cpe:2.3:a:rsa:authentication_manager:7.1:sp1:*:*:*:*:*:*
cpe:2.3:a:rsa:authentication_manager:8.0:*:*:*:*:*:*:*
EPSS
Процентиль: 17%
0.00053
Низкий
2.1 Low
CVSS2
Дефекты
CWE-255
Связанные уязвимости
github
больше 3 лет назад
EMC RSA Authentication Manager 8.0 before P2 and 7.1 before SP4 P26, as used in Appliance 3.0, does not omit the cleartext administrative password from trace logging in custom SDK applications, which allows local users to obtain sensitive information by reading the trace log file.
EPSS
Процентиль: 17%
0.00053
Низкий
2.1 Low
CVSS2
Дефекты
CWE-255