Plaintext Storage of a Password

CVE-2023-50956

Medium

4.4/10

Summary

IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.9 could allow a privileged user to obtain highly sensitive user credentials from secret keys that are stored in clear text.

Attack Complexity: LOW
Attack Vector: LOCAL
Integrity Impact: NONE
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: HIGH
Confidentiality Impact: HIGH
Availability Impact: NONE

CWE-256 - Plaintext Storage of a Password

Storing a password in plaintext may result in a system compromise.

References

Advisory Timeline

Published Dec 18, 2024

Plaintext Storage of a Password

CVE-2023-50956

Summary

CWE-256 - Plaintext Storage of a Password

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS