Описание
An issue was discovered in Stormshield Network Security (SNS) before 4.3.17, 4.4.x through 4.6.x before 4.6.4, and 4.7.x before 4.7.1. It affects user accounts for which the password has an equals sign or space character. The serverd process logs such passwords in cleartext, and potentially sends these logs to the Syslog component.
Ссылки
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия от 2.7.0 (включая) до 4.3.17 (исключая)Версия от 4.4.0 (включая) до 4.6.4 (исключая)
Одно из
cpe:2.3:a:stormshield:stormshield_network_security:*:*:*:*:*:*:*:*
cpe:2.3:a:stormshield:stormshield_network_security:*:*:*:*:*:*:*:*
cpe:2.3:a:stormshield:stormshield_network_security:4.7.0:*:*:*:*:*:*:*
EPSS
Процентиль: 27%
0.00097
Низкий
7.5 High
CVSS3
Дефекты
CWE-319
Связанные уязвимости
CVSS3: 7.5
github
около 2 лет назад
An issue was discovered in Stormshield Network Security (SNS) before 4.3.17, 4.4.x through 4.6.x before 4.6.4, and 4.7.x before 4.7.1. It affects user accounts for which the password has an equals sign or space character. The serverd process logs such passwords in cleartext, and potentially sends these logs to the Syslog component.
EPSS
Процентиль: 27%
0.00097
Низкий
7.5 High
CVSS3
Дефекты
CWE-319