Lucene search

[email protected]NVD:CVE-2021-3130

HistoryJan 20, 2021 - 4:15 p.m.

CVE-2021-3130

2021-01-2016:15:14

[email protected]

web.nvd.nist.gov

open-audit

version 3.5.3

web interface

ssh secrets

windows passwords

snmp strings

html password field

obfuscation

developer tools

credentials

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

CVSS3

5.9

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.002

Percentile

55.1%

JSON

Within the Open-AudIT up to version 3.5.3 application, the web interface hides SSH secrets, Windows passwords, and SNMP strings from users using HTML ‘password field’ obfuscation. By using Developer tools or similar, it is possible to change the obfuscation so that the credentials are visible.

Affected configurations

Nvd

Node

opmantekopen-auditRange≤4.0.2

VendorProductVersionCPE
opmantekopen-audit*cpe:2.3:a:opmantek:open-audit:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
opmantek	open-audit	*	cpe:2.3:a:opmantek:open-audit::::::::

References

opmantek.com/network-discovery-inventory-software/

raw.githubusercontent.com/B0D0B0P0T/CVE/main/CVE-2021-3130

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

CVSS3

5.9

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.002

Percentile

55.1%

JSON

Related for NVD:CVE-2021-3130

prion1 cvelist1 githubexploit1 cve1