CVE-2019-0032
Junos Space Service Now and Service Insight: Organization username and password stored in plaintext in log files.
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
A password management issue exists where the Organization authentication username and password were stored in plaintext in log files. A locally authenticated attacker who is able to access these stored plaintext credentials can use them to login to the Organization. Affected products are: Juniper Networks Service Insight versions from 15.1R1, prior to 18.1R1. Service Now versions from 15.1R1, prior to 18.1R1.
Se presenta un problema de administración de contraseña donde el nombre de usuario y la contraseña de autenticación de la Organización fueron almacenadas en texto plano en los archivos de registro. Un atacante autenticado localmente que es capaz de acceder a estas credenciales almacenadas de texto plano puede usarlas para iniciar sesión en la Organización. Los productos afectados son: Juniper Networks Service Insight versiones desde 15.1R1, anterior a 18.1R1. Service Now versiones desde 15.1R1, anterior a 18.1R1.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2018-10-11 CVE Reserved
- 2019-04-10 CVE Published
- 2024-04-03 EPSS Updated
- 2024-09-16 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-256: Plaintext Storage of a Password
- CWE-522: Insufficiently Protected Credentials
- CWE-532: Insertion of Sensitive Information into Log File
CAPEC
References (3)
URL | Tag | Source |
---|---|---|
http://www.securityfocus.com/bid/107885 | Third Party Advisory |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://kb.juniper.net/JSA10921 | 2020-09-29 | |
https://kb.juniper.net/KB27572 | 2020-09-29 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Juniper Search vendor "Juniper" | Service Insight Search vendor "Juniper" for product "Service Insight" | >= 15.1r1 < 18.1r1 Search vendor "Juniper" for product "Service Insight" and version " >= 15.1r1 < 18.1r1" | - |
Affected
| ||||||
Juniper Search vendor "Juniper" | Service Now Search vendor "Juniper" for product "Service Now" | >= 15.1r1 < 18.1r1 Search vendor "Juniper" for product "Service Now" and version " >= 15.1r1 < 18.1r1" | - |
Affected
|