Skip to main content

Cleartext Storage of Sensitive Information


Severity High
Score 7.5/10


In Lenovo xClarity Administrator versions earlier than 2.1.0, an attacker that gains access to the underlying LXCA file system user may be able to retrieve a credential store containing the service processor user names and passwords for servers previously managed by that LXCA instance, and potentially decrypt those credentials more easily than intended.

  • HIGH
  • HIGH
  • NONE
  • LOW
  • HIGH
  • HIGH

CWE-312 - Cleartext Storage of Sensitive Information

The application stores sensitive information in cleartext within a resource that might be accessible to another control sphere.


Advisory Timeline

  • Published