Cleartext Storage of Sensitive Information in Memory

CVE-2021-31989

Medium

5.3/10

Summary

A user with permission to log on to the machine hosting the AXIS Device Manager client could under certain conditions extract a memory dump from the built-in Windows Task Manager application. The memory dump may potentially contain credentials of connected Axis devices.

Attack Complexity: HIGH
Attack Vector: NETWORK
Integrity Impact: NONE
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: LOW
Confidentiality Impact: HIGH
Availability Impact: NONE

CWE-316 - Cleartext Storage of Sensitive Information in Memory

The application stores sensitive information in cleartext in memory.

References

Advisory Timeline

Published Aug 25, 2021

Cleartext Storage of Sensitive Information in Memory

CVE-2021-31989

Summary

CWE-316 - Cleartext Storage of Sensitive Information in Memory

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS