CWE-312
Cleartext Storage of Sensitive Information
The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere.
CVE-2020-10053 (GCVE-0-2020-10053)
Vulnerability from cvelistv5 – Published: 2021-11-09 11:31 – Updated: 2024-08-04 10:50
VLAI
Summary
A vulnerability has been identified in SIMATIC RTLS Locating Manager (All versions < V2.12). The affected application writes sensitive data, such as database credentials in configuration files. A local attacker with access to the configuration files could use this information to launch further attacks.
Severity
No CVSS data available.
CWE
- CWE-312 - Cleartext Storage of Sensitive Information
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://cert-portal.siemens.com/productcert/pdf/s… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Siemens | SIMATIC RTLS Locating Manager |
Affected:
All versions < V2.12
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:50:57.831Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-145157.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SIMATIC RTLS Locating Manager",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.12"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SIMATIC RTLS Locating Manager (All versions \u003c V2.12). The affected application writes sensitive data, such as database credentials in configuration files. A local attacker with access to the configuration files could use this information to launch further attacks."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-312",
"description": "CWE-312: Cleartext Storage of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-11-09T11:31:37.000Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-145157.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2020-10053",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SIMATIC RTLS Locating Manager",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V2.12"
}
]
}
}
]
},
"vendor_name": "Siemens"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SIMATIC RTLS Locating Manager (All versions \u003c V2.12). The affected application writes sensitive data, such as database credentials in configuration files. A local attacker with access to the configuration files could use this information to launch further attacks."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-312: Cleartext Storage of Sensitive Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-145157.pdf",
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-145157.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2020-10053",
"datePublished": "2021-11-09T11:31:37.000Z",
"dateReserved": "2020-03-04T00:00:00.000Z",
"dateUpdated": "2024-08-04T10:50:57.831Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-10706 (GCVE-0-2020-10706)
Vulnerability from cvelistv5 – Published: 2020-05-12 13:48 – Updated: 2024-08-04 11:06
VLAI
Summary
A flaw was found in OpenShift Container Platform where OAuth tokens are not encrypted when the encryption of data at rest is enabled. This flaw allows an attacker with access to a backup to obtain OAuth tokens and then use them to log into the cluster as any user who logged into the cluster via the WebUI or via the command line in the last 24 hours. Once the backup is older than 24 hours the OAuth tokens are no longer valid.
Severity
6.3 (Medium)
CWE
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| [UNKNOWN] | openshift/openshift-apiserver |
Affected:
n/a
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:06:11.155Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10706"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "openshift/openshift-apiserver",
"vendor": "[UNKNOWN]",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in OpenShift Container Platform where OAuth tokens are not encrypted when the encryption of data at rest is enabled. This flaw allows an attacker with access to a backup to obtain OAuth tokens and then use them to log into the cluster as any user who logged into the cluster via the WebUI or via the command line in the last 24 hours. Once the backup is older than 24 hours the OAuth tokens are no longer valid."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-312",
"description": "CWE-312",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-05-12T13:48:36.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10706"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2020-10706",
"datePublished": "2020-05-12T13:48:36.000Z",
"dateReserved": "2020-03-20T00:00:00.000Z",
"dateUpdated": "2024-08-04T11:06:11.155Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-14480 (GCVE-0-2020-14480)
Vulnerability from cvelistv5 – Published: 2022-02-24 18:27 – Updated: 2025-04-17 18:47
VLAI
Summary
Due to usernames/passwords being stored in plaintext in Random Access Memory (RAM), a local, authenticated attacker could gain access to certain credentials, including Windows Logon credentials.
Severity
5.5 (Medium)
CWE
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.cisa.gov/uscert/ics/advisories/icsa-2… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Rockwell Automation | FactoryTalk View SE |
Affected:
unspecified , ≤ 9.0
(custom)
Affected: 10.0 |
Date Public
2020-06-25 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:46:34.603Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-20-177-03"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2020-14480",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-17T17:49:28.049402Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-17T18:47:48.674Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "FactoryTalk View SE",
"vendor": "Rockwell Automation",
"versions": [
{
"lessThanOrEqual": "9.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"status": "affected",
"version": "10.0"
}
]
}
],
"datePublic": "2020-06-25T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Due to usernames/passwords being stored in plaintext in Random Access Memory (RAM), a local, authenticated attacker could gain access to certain credentials, including Windows Logon credentials."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-312",
"description": "CWE-312",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-24T18:27:14.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-20-177-03"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2020-06-25T16:00:00.000Z",
"ID": "CVE-2020-14480",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "FactoryTalk View SE",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "9.0"
},
{
"version_affected": "=",
"version_value": "10.0"
}
]
}
}
]
},
"vendor_name": "Rockwell Automation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Due to usernames/passwords being stored in plaintext in Random Access Memory (RAM), a local, authenticated attacker could gain access to certain credentials, including Windows Logon credentials."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-312"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-20-177-03",
"refsource": "MISC",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-20-177-03"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2020-14480",
"datePublished": "2022-02-24T18:27:14.889Z",
"dateReserved": "2020-06-19T00:00:00.000Z",
"dateUpdated": "2025-04-17T18:47:48.674Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-15085 (GCVE-0-2020-15085)
Vulnerability from cvelistv5 – Published: 2020-06-30 16:25 – Updated: 2024-08-04 13:08
VLAI
Title
Client caching login operation with plaintext password in Saleor Storefront
Summary
In Saleor Storefront before version 2.10.3, request data used to authenticate customers was inadvertently cached in the browser's local storage mechanism, including credentials. A malicious user with direct access to the browser could extract the email and password. In versions prior to 2.10.0 persisted the cache even after the user logged out. This is fixed in version 2.10.3. A workaround is to manually clear application data (browser's local storage) after logging into Saleor Storefront.
Severity
6.9 (Medium)
CWE
- CWE-312 - Cleartext Storage of Sensitive Information
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/mirumee/saleor-storefront/secu… | x_refsource_CONFIRM |
| https://github.com/mirumee/saleor-storefront/blob… | x_refsource_MISC |
| https://github.com/mirumee/saleor-storefront/comm… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| mirumee | saleor-storefront |
Affected:
< 2.10.3
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T13:08:22.044Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/mirumee/saleor-storefront/security/advisories/GHSA-4279-h39w-2jqm"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/mirumee/saleor-storefront/blob/master/CHANGELOG.md#2103"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/mirumee/saleor-storefront/commit/7c331e1be805022c9a7be719bd69d050b2577458"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "saleor-storefront",
"vendor": "mirumee",
"versions": [
{
"status": "affected",
"version": "\u003c 2.10.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Saleor Storefront before version 2.10.3, request data used to authenticate customers was inadvertently cached in the browser\u0027s local storage mechanism, including credentials. A malicious user with direct access to the browser could extract the email and password. In versions prior to 2.10.0 persisted the cache even after the user logged out. This is fixed in version 2.10.3. A workaround is to manually clear application data (browser\u0027s local storage) after logging into Saleor Storefront."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-312",
"description": "CWE-312 Cleartext Storage of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-06-30T16:25:13.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/mirumee/saleor-storefront/security/advisories/GHSA-4279-h39w-2jqm"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/mirumee/saleor-storefront/blob/master/CHANGELOG.md#2103"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/mirumee/saleor-storefront/commit/7c331e1be805022c9a7be719bd69d050b2577458"
}
],
"source": {
"advisory": "GHSA-4279-h39w-2jqm",
"discovery": "UNKNOWN"
},
"title": "Client caching login operation with plaintext password in Saleor Storefront",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2020-15085",
"STATE": "PUBLIC",
"TITLE": "Client caching login operation with plaintext password in Saleor Storefront"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "saleor-storefront",
"version": {
"version_data": [
{
"version_value": "\u003c 2.10.3"
}
]
}
}
]
},
"vendor_name": "mirumee"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Saleor Storefront before version 2.10.3, request data used to authenticate customers was inadvertently cached in the browser\u0027s local storage mechanism, including credentials. A malicious user with direct access to the browser could extract the email and password. In versions prior to 2.10.0 persisted the cache even after the user logged out. This is fixed in version 2.10.3. A workaround is to manually clear application data (browser\u0027s local storage) after logging into Saleor Storefront."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-312 Cleartext Storage of Sensitive Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/mirumee/saleor-storefront/security/advisories/GHSA-4279-h39w-2jqm",
"refsource": "CONFIRM",
"url": "https://github.com/mirumee/saleor-storefront/security/advisories/GHSA-4279-h39w-2jqm"
},
{
"name": "https://github.com/mirumee/saleor-storefront/blob/master/CHANGELOG.md#2103",
"refsource": "MISC",
"url": "https://github.com/mirumee/saleor-storefront/blob/master/CHANGELOG.md#2103"
},
{
"name": "https://github.com/mirumee/saleor-storefront/commit/7c331e1be805022c9a7be719bd69d050b2577458",
"refsource": "MISC",
"url": "https://github.com/mirumee/saleor-storefront/commit/7c331e1be805022c9a7be719bd69d050b2577458"
}
]
},
"source": {
"advisory": "GHSA-4279-h39w-2jqm",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2020-15085",
"datePublished": "2020-06-30T16:25:13.000Z",
"dateReserved": "2020-06-25T00:00:00.000Z",
"dateUpdated": "2024-08-04T13:08:22.044Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-15105 (GCVE-0-2020-15105)
Vulnerability from cvelistv5 – Published: 2020-07-10 20:55 – Updated: 2024-08-04 13:08
VLAI
Title
In Django Two-Factor Authentication, user passwords are stored in clear text in the Django session
Summary
Django Two-Factor Authentication before 1.12, stores the user's password in clear text in the user session (base64-encoded). The password is stored in the session when the user submits their username and password, and is removed once they complete authentication by entering a two-factor authentication code. This means that the password is stored in clear text in the session for an arbitrary amount of time, and potentially forever if the user begins the login process by entering their username and password and then leaves before entering their two-factor authentication code. The severity of this issue depends on which type of session storage you have configured: in the worst case, if you're using Django's default database session storage, then users' passwords are stored in clear text in your database. In the best case, if you're using Django's signed cookie session, then users' passwords are only stored in clear text within their browser's cookie store. In the common case of using Django's cache session store, the users' passwords are stored in clear text in whatever cache storage you have configured (typically Memcached or Redis). This has been fixed in 1.12. After upgrading, users should be sure to delete any clear text passwords that have been stored. For example, if you're using the database session backend, you'll likely want to delete any session record from the database and purge that data from any database backups or replicas. In addition, affected organizations who have suffered a database breach while using an affected version should inform their users that their clear text passwords have been compromised. All organizations should encourage users whose passwords were insecurely stored to change these passwords on any sites where they were used. As a workaround, wwitching Django's session storage to use signed cookies instead of the database or cache lessens the impact of this issue, but should not be done without a thorough understanding of the security tradeoffs of using signed cookies rather than a server-side session storage. There is no way to fully mitigate the issue without upgrading.
Severity
5.4 (Medium)
CWE
- CWE-312 - Cleartext Storage of Sensitive Information
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/Bouke/django-two-factor-auth/s… | x_refsource_CONFIRM |
| https://github.com/Bouke/django-two-factor-auth/c… | x_refsource_MISC |
| https://github.com/Bouke/django-two-factor-auth/b… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Bouke | django-two-factor-auth |
Affected:
< 1.12
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T13:08:21.577Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/Bouke/django-two-factor-auth/security/advisories/GHSA-vhr6-pvjm-9qwf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/Bouke/django-two-factor-auth/commit/454fd9842fa6e8bb772dbf0943976bc8e3335359"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/Bouke/django-two-factor-auth/blob/master/CHANGELOG.md#112---2020-07-08"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "django-two-factor-auth",
"vendor": "Bouke",
"versions": [
{
"status": "affected",
"version": "\u003c 1.12"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Django Two-Factor Authentication before 1.12, stores the user\u0027s password in clear text in the user session (base64-encoded). The password is stored in the session when the user submits their username and password, and is removed once they complete authentication by entering a two-factor authentication code. This means that the password is stored in clear text in the session for an arbitrary amount of time, and potentially forever if the user begins the login process by entering their username and password and then leaves before entering their two-factor authentication code. The severity of this issue depends on which type of session storage you have configured: in the worst case, if you\u0027re using Django\u0027s default database session storage, then users\u0027 passwords are stored in clear text in your database. In the best case, if you\u0027re using Django\u0027s signed cookie session, then users\u0027 passwords are only stored in clear text within their browser\u0027s cookie store. In the common case of using Django\u0027s cache session store, the users\u0027 passwords are stored in clear text in whatever cache storage you have configured (typically Memcached or Redis). This has been fixed in 1.12. After upgrading, users should be sure to delete any clear text passwords that have been stored. For example, if you\u0027re using the database session backend, you\u0027ll likely want to delete any session record from the database and purge that data from any database backups or replicas. In addition, affected organizations who have suffered a database breach while using an affected version should inform their users that their clear text passwords have been compromised. All organizations should encourage users whose passwords were insecurely stored to change these passwords on any sites where they were used. As a workaround, wwitching Django\u0027s session storage to use signed cookies instead of the database or cache lessens the impact of this issue, but should not be done without a thorough understanding of the security tradeoffs of using signed cookies rather than a server-side session storage. There is no way to fully mitigate the issue without upgrading."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-312",
"description": "CWE-312: Cleartext Storage of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-10T20:55:13.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/Bouke/django-two-factor-auth/security/advisories/GHSA-vhr6-pvjm-9qwf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Bouke/django-two-factor-auth/commit/454fd9842fa6e8bb772dbf0943976bc8e3335359"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Bouke/django-two-factor-auth/blob/master/CHANGELOG.md#112---2020-07-08"
}
],
"source": {
"advisory": "GHSA-vhr6-pvjm-9qwf",
"discovery": "UNKNOWN"
},
"title": "In Django Two-Factor Authentication, user passwords are stored in clear text in the Django session",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2020-15105",
"STATE": "PUBLIC",
"TITLE": "In Django Two-Factor Authentication, user passwords are stored in clear text in the Django session"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "django-two-factor-auth",
"version": {
"version_data": [
{
"version_value": "\u003c 1.12"
}
]
}
}
]
},
"vendor_name": "Bouke"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Django Two-Factor Authentication before 1.12, stores the user\u0027s password in clear text in the user session (base64-encoded). The password is stored in the session when the user submits their username and password, and is removed once they complete authentication by entering a two-factor authentication code. This means that the password is stored in clear text in the session for an arbitrary amount of time, and potentially forever if the user begins the login process by entering their username and password and then leaves before entering their two-factor authentication code. The severity of this issue depends on which type of session storage you have configured: in the worst case, if you\u0027re using Django\u0027s default database session storage, then users\u0027 passwords are stored in clear text in your database. In the best case, if you\u0027re using Django\u0027s signed cookie session, then users\u0027 passwords are only stored in clear text within their browser\u0027s cookie store. In the common case of using Django\u0027s cache session store, the users\u0027 passwords are stored in clear text in whatever cache storage you have configured (typically Memcached or Redis). This has been fixed in 1.12. After upgrading, users should be sure to delete any clear text passwords that have been stored. For example, if you\u0027re using the database session backend, you\u0027ll likely want to delete any session record from the database and purge that data from any database backups or replicas. In addition, affected organizations who have suffered a database breach while using an affected version should inform their users that their clear text passwords have been compromised. All organizations should encourage users whose passwords were insecurely stored to change these passwords on any sites where they were used. As a workaround, wwitching Django\u0027s session storage to use signed cookies instead of the database or cache lessens the impact of this issue, but should not be done without a thorough understanding of the security tradeoffs of using signed cookies rather than a server-side session storage. There is no way to fully mitigate the issue without upgrading."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-312: Cleartext Storage of Sensitive Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/Bouke/django-two-factor-auth/security/advisories/GHSA-vhr6-pvjm-9qwf",
"refsource": "CONFIRM",
"url": "https://github.com/Bouke/django-two-factor-auth/security/advisories/GHSA-vhr6-pvjm-9qwf"
},
{
"name": "https://github.com/Bouke/django-two-factor-auth/commit/454fd9842fa6e8bb772dbf0943976bc8e3335359",
"refsource": "MISC",
"url": "https://github.com/Bouke/django-two-factor-auth/commit/454fd9842fa6e8bb772dbf0943976bc8e3335359"
},
{
"name": "https://github.com/Bouke/django-two-factor-auth/blob/master/CHANGELOG.md#112---2020-07-08",
"refsource": "MISC",
"url": "https://github.com/Bouke/django-two-factor-auth/blob/master/CHANGELOG.md#112---2020-07-08"
}
]
},
"source": {
"advisory": "GHSA-vhr6-pvjm-9qwf",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2020-15105",
"datePublished": "2020-07-10T20:55:13.000Z",
"dateReserved": "2020-06-25T00:00:00.000Z",
"dateUpdated": "2024-08-04T13:08:21.577Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-15784 (GCVE-0-2020-15784)
Vulnerability from cvelistv5 – Published: 2020-09-09 18:11 – Updated: 2024-08-04 13:22
VLAI
Summary
A vulnerability has been identified in Spectrum Power 4 (All versions < V4.70 SP8). Insecure storage of sensitive information in the configuration files could allow the retrieval of user names.
Severity
No CVSS data available.
CWE
- CWE-312 - Cleartext Storage of Sensitive Information
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://cert-portal.siemens.com/productcert/pdf/s… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Siemens AG | Spectrum Power 4 |
Affected:
All versions < V4.70 SP8
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T13:22:30.767Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-568969.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Spectrum Power 4",
"vendor": "Siemens AG",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.70 SP8"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in Spectrum Power 4 (All versions \u003c V4.70 SP8). Insecure storage of sensitive information in the configuration files could allow the retrieval of user names."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-312",
"description": "CWE-312: Cleartext Storage of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-09-09T18:11:32.000Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-568969.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2020-15784",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Spectrum Power 4",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.70 SP8"
}
]
}
}
]
},
"vendor_name": "Siemens AG"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in Spectrum Power 4 (All versions \u003c V4.70 SP8). Insecure storage of sensitive information in the configuration files could allow the retrieval of user names."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-312: Cleartext Storage of Sensitive Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-568969.pdf",
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-568969.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2020-15784",
"datePublished": "2020-09-09T18:11:32.000Z",
"dateReserved": "2020-07-15T00:00:00.000Z",
"dateUpdated": "2024-08-04T13:22:30.767Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-25677 (GCVE-0-2020-25677)
Vulnerability from cvelistv5 – Published: 2020-12-08 00:02 – Updated: 2024-08-04 15:40
VLAI
Summary
A flaw was found in Ceph-ansible v4.0.41 where it creates an /etc/ceph/iscsi-gateway.conf with insecure default permissions. This flaw allows any user on the system to read sensitive information within this file. The highest threat from this vulnerability is to confidentiality.
Severity
No CVSS data available.
CWE
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=1892108 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | ceph-ansible |
Affected:
ceph-ansible-4.0.41
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T15:40:36.651Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1892108"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ceph-ansible",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "ceph-ansible-4.0.41"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in Ceph-ansible v4.0.41 where it creates an /etc/ceph/iscsi-gateway.conf with insecure default permissions. This flaw allows any user on the system to read sensitive information within this file. The highest threat from this vulnerability is to confidentiality."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-312",
"description": "CWE-312",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-02-23T18:41:04.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1892108"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2020-25677",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ceph-ansible",
"version": {
"version_data": [
{
"version_value": "ceph-ansible-4.0.41"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in Ceph-ansible v4.0.41 where it creates an /etc/ceph/iscsi-gateway.conf with insecure default permissions. This flaw allows any user on the system to read sensitive information within this file. The highest threat from this vulnerability is to confidentiality."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-312"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1892108",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1892108"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2020-25677",
"datePublished": "2020-12-08T00:02:25.000Z",
"dateReserved": "2020-09-16T00:00:00.000Z",
"dateUpdated": "2024-08-04T15:40:36.651Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-25678 (GCVE-0-2020-25678)
Vulnerability from cvelistv5 – Published: 2021-01-08 17:59 – Updated: 2025-02-13 16:27
VLAI
Summary
A flaw was found in ceph in versions prior to 16.y.z where ceph stores mgr module passwords in clear text. This can be found by searching the mgr logs for grafana and dashboard, with passwords visible.
Severity
No CVSS data available.
CWE
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=1892109 | x_refsource_MISC |
| https://tracker.ceph.com/issues/37503 | x_refsource_MISC |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisoryx_refsource_FEDORA |
| https://security.gentoo.org/glsa/202105-39 | vendor-advisoryx_refsource_GENTOO |
| https://lists.debian.org/debian-lts-announce/2023… |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T15:40:36.768Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1892109"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://tracker.ceph.com/issues/37503"
},
{
"name": "FEDORA-2021-93ff9e9103",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OQTBKVXVYP7GPQNZ5VASOIJHMLK7727M/"
},
{
"name": "GLSA-202105-39",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202105-39"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00034.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ceph",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "ceph versions prior to 16.y.z"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in ceph in versions prior to 16.y.z where ceph stores mgr module passwords in clear text. This can be found by searching the mgr logs for grafana and dashboard, with passwords visible."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-312",
"description": "CWE-312",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-23T18:06:33.797Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1892109"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://tracker.ceph.com/issues/37503"
},
{
"name": "FEDORA-2021-93ff9e9103",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OQTBKVXVYP7GPQNZ5VASOIJHMLK7727M/"
},
{
"name": "GLSA-202105-39",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202105-39"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00034.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2020-25678",
"datePublished": "2021-01-08T17:59:34.000Z",
"dateReserved": "2020-09-16T00:00:00.000Z",
"dateUpdated": "2025-02-13T16:27:41.662Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-26228 (GCVE-0-2020-26228)
Vulnerability from cvelistv5 – Published: 2020-11-23 21:10 – Updated: 2024-08-04 15:56
VLAI
Title
Cleartext storage of session identifier
Summary
TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 9.5.23 and 10.4.10 user session identifiers were stored in cleartext - without processing with additional cryptographic hashing algorithms. This vulnerability cannot be exploited directly and occurs in combination with a chained attack - like for instance SQL injection in any other component of the system. Update to TYPO3 versions 9.5.23 or 10.4.10 that fix the problem described.
Severity
8.1 (High)
CWE
- CWE-312 - Cleartext Storage of Sensitive Information
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/TYPO3/TYPO3.CMS/security/advis… | x_refsource_CONFIRM |
| https://typo3.org/security/advisory/typo3-core-sa… | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T15:56:03.135Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-954j-f27r-cj52"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2020-011"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "TYPO3.CMS",
"vendor": "TYPO3",
"versions": [
{
"status": "affected",
"version": "\u003e= 9.0.0, \u003c 9.5.23"
},
{
"status": "affected",
"version": "\u003e= 10.0.0, \u003c 10.4.10"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 9.5.23 and 10.4.10 user session identifiers were stored in cleartext - without processing with additional cryptographic hashing algorithms. This vulnerability cannot be exploited directly and occurs in combination with a chained attack - like for instance SQL injection in any other component of the system. Update to TYPO3 versions 9.5.23 or 10.4.10 that fix the problem described."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-312",
"description": "CWE-312: Cleartext Storage of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-11-23T21:10:16.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-954j-f27r-cj52"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2020-011"
}
],
"source": {
"advisory": "GHSA-954j-f27r-cj52",
"discovery": "UNKNOWN"
},
"title": "Cleartext storage of session identifier",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2020-26228",
"STATE": "PUBLIC",
"TITLE": "Cleartext storage of session identifier"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "TYPO3.CMS",
"version": {
"version_data": [
{
"version_value": "\u003e= 9.0.0, \u003c 9.5.23"
},
{
"version_value": "\u003e= 10.0.0, \u003c 10.4.10"
}
]
}
}
]
},
"vendor_name": "TYPO3"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 9.5.23 and 10.4.10 user session identifiers were stored in cleartext - without processing with additional cryptographic hashing algorithms. This vulnerability cannot be exploited directly and occurs in combination with a chained attack - like for instance SQL injection in any other component of the system. Update to TYPO3 versions 9.5.23 or 10.4.10 that fix the problem described."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-312: Cleartext Storage of Sensitive Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-954j-f27r-cj52",
"refsource": "CONFIRM",
"url": "https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-954j-f27r-cj52"
},
{
"name": "https://typo3.org/security/advisory/typo3-core-sa-2020-011",
"refsource": "MISC",
"url": "https://typo3.org/security/advisory/typo3-core-sa-2020-011"
}
]
},
"source": {
"advisory": "GHSA-954j-f27r-cj52",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2020-26228",
"datePublished": "2020-11-23T21:10:16.000Z",
"dateReserved": "2020-10-01T00:00:00.000Z",
"dateUpdated": "2024-08-04T15:56:03.135Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-26288 (GCVE-0-2020-26288)
Vulnerability from cvelistv5 – Published: 2020-12-30 19:25 – Updated: 2024-08-04 15:56
VLAI
Title
Parse Server stores password in plain text
Summary
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. It is an npm package "parse-server". In Parse Server before version 4.5.0, user passwords involved in LDAP authentication are stored in cleartext. This is fixed in version 4.5.0 by stripping password after authentication to prevent cleartext password storage.
Severity
7.7 (High)
CWE
- CWE-312 - Cleartext Storage of Sensitive Information
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://github.com/parse-community/parse-server/s… | x_refsource_CONFIRM |
| https://github.com/parse-community/parse-server/c… | x_refsource_MISC |
| https://github.com/parse-community/parse-server/r… | x_refsource_MISC |
| https://www.npmjs.com/package/parse-server | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| parse-community | parse-server |
Affected:
< 4.5.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T15:56:04.546Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/parse-community/parse-server/security/advisories/GHSA-4w46-w44m-3jq3"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/parse-community/parse-server/commit/da905a357d062ab4fea727a21eac231acc2ed92a"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/parse-community/parse-server/releases/tag/4.5.0"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.npmjs.com/package/parse-server"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "parse-server",
"vendor": "parse-community",
"versions": [
{
"status": "affected",
"version": "\u003c 4.5.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. It is an npm package \"parse-server\". In Parse Server before version 4.5.0, user passwords involved in LDAP authentication are stored in cleartext. This is fixed in version 4.5.0 by stripping password after authentication to prevent cleartext password storage."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-312",
"description": "CWE-312: Cleartext Storage of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-12-30T19:25:16.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/parse-community/parse-server/security/advisories/GHSA-4w46-w44m-3jq3"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/parse-community/parse-server/commit/da905a357d062ab4fea727a21eac231acc2ed92a"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/parse-community/parse-server/releases/tag/4.5.0"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.npmjs.com/package/parse-server"
}
],
"source": {
"advisory": "GHSA-4w46-w44m-3jq3",
"discovery": "UNKNOWN"
},
"title": "Parse Server stores password in plain text",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2020-26288",
"STATE": "PUBLIC",
"TITLE": "Parse Server stores password in plain text"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "parse-server",
"version": {
"version_data": [
{
"version_value": "\u003c 4.5.0"
}
]
}
}
]
},
"vendor_name": "parse-community"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. It is an npm package \"parse-server\". In Parse Server before version 4.5.0, user passwords involved in LDAP authentication are stored in cleartext. This is fixed in version 4.5.0 by stripping password after authentication to prevent cleartext password storage."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-312: Cleartext Storage of Sensitive Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/parse-community/parse-server/security/advisories/GHSA-4w46-w44m-3jq3",
"refsource": "CONFIRM",
"url": "https://github.com/parse-community/parse-server/security/advisories/GHSA-4w46-w44m-3jq3"
},
{
"name": "https://github.com/parse-community/parse-server/commit/da905a357d062ab4fea727a21eac231acc2ed92a",
"refsource": "MISC",
"url": "https://github.com/parse-community/parse-server/commit/da905a357d062ab4fea727a21eac231acc2ed92a"
},
{
"name": "https://github.com/parse-community/parse-server/releases/tag/4.5.0",
"refsource": "MISC",
"url": "https://github.com/parse-community/parse-server/releases/tag/4.5.0"
},
{
"name": "https://www.npmjs.com/package/parse-server",
"refsource": "MISC",
"url": "https://www.npmjs.com/package/parse-server"
}
]
},
"source": {
"advisory": "GHSA-4w46-w44m-3jq3",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2020-26288",
"datePublished": "2020-12-30T19:25:17.000Z",
"dateReserved": "2020-10-01T00:00:00.000Z",
"dateUpdated": "2024-08-04T15:56:04.546Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Mitigation
Phases: Implementation, System Configuration, Operation
Description:
- When storing data in the cloud (e.g., S3 buckets, Azure blobs, Google Cloud Storage, etc.), use the provider's controls to encrypt the data at rest. [REF-1297] [REF-1299] [REF-1301]
Mitigation
Phases: Implementation, System Configuration, Operation
Description:
- In some systems/environments such as cloud, the use of "double encryption" (at both the software and hardware layer) might be required, and the developer might be solely responsible for both layers, instead of shared responsibility with the administrator of the broader system/environment.
CAPEC-37: Retrieve Embedded Sensitive Data
An attacker examines a target system to find sensitive data that has been embedded within it. This information can reveal confidential contents, such as account numbers or individual keys/credentials that can be used as an intermediate step in a larger attack.