Cleartext Storage of Sensitive Information in a Cookie

CVE-2021-34564

Medium

5.5/10

Summary

Any cookie-stealing vulnerabilities within the application or browser would enable an attacker to steal the user's credentials to the PEPPERL+FUCHS WirelessHART-Gateway 3.0.9.

Attack Complexity: LOW
Attack Vector: LOCAL
Integrity Impact: NONE
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: LOW
Confidentiality Impact: HIGH
Availability Impact: NONE

CWE-315 - Cleartext Storage of Sensitive Information in a Cookie

The application stores sensitive information in cleartext in a cookie.

References

Advisory Timeline

Published Aug 31, 2021

Cleartext Storage of Sensitive Information in a Cookie

CVE-2021-34564

Summary

CWE-315 - Cleartext Storage of Sensitive Information in a Cookie

References

Advisory Timeline

KICS SaaS

Wireshark

ChainJacking