Plaintext Storage of a Password

CVE-2021-1589

Medium

6.5/10

Summary

A vulnerability in the disaster recovery feature of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to gain unauthorized access to user credentials. This vulnerability exists because access to API endpoints is not properly restricted. An attacker could exploit this vulnerability by sending a request to an API endpoint. A successful exploit could allow the attacker to gain unauthorized access to administrative credentials that could be used in further attacks.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: NONE
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: LOW
Confidentiality Impact: HIGH
Availability Impact: NONE

CWE-256 - Plaintext Storage of a Password

Storing a password in plaintext may result in a system compromise.

References

Advisory Timeline

Published Sep 23, 2021

Plaintext Storage of a Password

CVE-2021-1589

Summary

CWE-256 - Plaintext Storage of a Password

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS