Cleartext Storage of Sensitive Information in Memory

CVE-2021-32942

Medium

6.6/10

Summary

The vulnerability could expose cleartext credentials from AVEVA InTouch Runtime 2020 R2 and all prior versions (WindowViewer) if an authorized, privileged user creates a diagnostic memory dump of the process and saves it to a non-protected location.

Attack Complexity: LOW
Attack Vector: LOCAL
Integrity Impact: HIGH
Scope: UNCHANGED
User Interaction: REQUIRED
Privileges Required: LOW
Confidentiality Impact: HIGH
Availability Impact: NONE

CWE-316 - Cleartext Storage of Sensitive Information in Memory

The application stores sensitive information in cleartext in memory.

References

Advisory Timeline

Published Jun 09, 2021

Cleartext Storage of Sensitive Information in Memory

CVE-2021-32942

Summary

CWE-316 - Cleartext Storage of Sensitive Information in Memory

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS