Skip to main content

Cleartext Storage of Sensitive Information

CVE-2021-31539

Severity Low
Score 2.1/10

Summary

Wowza Streaming Engine before 4.8.8.01 (in a default installation) has cleartext passwords stored in the conf/admin.password file. A regular local user is able to read usernames and passwords.

  • LOW
  • LOCAL
  • NONE
  • NONE
  • PARTIAL
  • NONE

CWE-312 - Cleartext Storage of Sensitive Information

The application stores sensitive information in cleartext within a resource that might be accessible to another control sphere.

References

Advisory Timeline

  • Published