Password in Configuration File

CVE-2014-5400

Medium

6.8/10

Summary

The installation component in Hospira MedNet before 6.1 places cleartext credentials in configuration files, which allows local users to obtain sensitive information by reading a file.

Access Complexity: LOW
AccessVector: LOCAL
Authentication: SINGLE
Integrity Impact: COMPLETE
Confidentiality Impact: COMPLETE
Availability Impact: COMPLETE

CWE-260 - Password in Configuration File

The software stores a password in a configuration file that might be accessible to actors who do not know the password.

References

Advisory Timeline

Published Apr 03, 2015

Password in Configuration File

CVE-2014-5400

Summary

CWE-260 - Password in Configuration File

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS