Missing Encryption of Sensitive Data
CVE-2019-3431
Summary
All versions up to V4.01.01.02 of ZTE ZXCLOUD GoldenData VAP product have encryption problems vulnerability. Attackers could sniff unencrypted account and password through the network for front-end system access.
- LOW
- NETWORK
- HIGH
- UNCHANGED
- NONE
- NONE
- HIGH
- HIGH
CWE-311 - Missing Encryption of Sensitive Data
The software does not encrypt sensitive or critical information before storage or transmission.
References
Advisory Timeline
- Published