Cleartext Storage of Sensitive Information

CVE-2018-17489

Low

2.9/10

Summary

EasyLobby Solo could allow a local attacker to obtain sensitive information, caused by the storing of the social security number in plaintext. By visiting the kiosk and viewing the Visitor table of the database, an attacker could exploit this vulnerability to view stored social security numbers.

Attack Complexity: HIGH
Attack Vector: LOCAL
Integrity Impact: NONE
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: LOW
Availability Impact: NONE

CWE-312 - Cleartext Storage of Sensitive Information

The application stores sensitive information in cleartext within a resource that might be accessible to another control sphere.

References

Advisory Timeline

Published Mar 21, 2019

Cleartext Storage of Sensitive Information

CVE-2018-17489

Summary

CWE-312 - Cleartext Storage of Sensitive Information

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS