exploitDog

CVE-2021-3130

Опубликовано: 20 янв. 2021

Источник: nvd

CVSS3: 5.9

CVSS2: 4.3

EPSS Низкий

Описание

Within the Open-AudIT up to version 3.5.3 application, the web interface hides SSH secrets, Windows passwords, and SNMP strings from users using HTML 'password field' obfuscation. By using Developer tools or similar, it is possible to change the obfuscation so that the credentials are visible.

Ссылки

https://opmantek.com/network-discovery-inventory-software/
Vendor Advisory
https://raw.githubusercontent.com/B0D0B0P0T/CVE/main/CVE-2021-3130
Third Party Advisory
https://opmantek.com/network-discovery-inventory-software/
Vendor Advisory
https://raw.githubusercontent.com/B0D0B0P0T/CVE/main/CVE-2021-3130
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:opmantek:open-audit:*:*:*:*:*:*:*:*

Версия до 4.0.2 (включая)

EPSS

Процентиль: 70%

0.00627

Низкий

5.9 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

GHSA-qpq8-7ff2-687p

CVSS3: 5.9

github

больше 3 лет назад

Within the Open-AudIT up to version 3.5.3 application, the web interface hides SSH secrets, Windows passwords, and SNMP strings from users using HTML 'password field' obfuscation. By using Developer tools or similar, it is possible to change the obfuscation so that the credentials are visible.

EPSS

Процентиль: 70%

0.00627

Низкий

5.9 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

NVD-CWE-Other