CVE-2021-43271

Severity Score: 6.8 (CVSS v3.1)
Exploit Likelihood (EPSS):
Affected Versions (CPE):
Public Exploits: 0 (multiple sources)
Exploited in Wild: - (KEV)
Decision: - (SSVC)

Descriptions

Riverbed AppResponse 11.8.0, 11.8.5, 11.8.5a, 11.9.0, 11.9.0a, 11.10.0, 11.11.0, 11.11.0a, 11.11.1, 11.11.1a, 11.11.5, and 11.11.5a (when configured to use local, RADIUS, or TACACS authentication) logs usernames and passwords if either is entered incorrectly. If a user enters an incorrect username and/or password when logging into the WebUI, these attempted credentials are included in an error message that is logged in the WebUI log file. A log entry does not appear if the username and password provided correctly match a valid set of credentials. This also does not happen if AppResponse is configured to use SAML authentication. The WebUI log file is included in subsequent diagnostic system dumps that are generated. (Only users with Full Control access to the System Configuration permission can generate system dumps. By default, only System Administrators have Full Control access to the System Configuration permission.)

*Credits: N/A
CVSS Scores

CVSS v3.1
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: High
  • User Interaction: Required
  • Scope: Unchanged
  • Confidentiality: High
  • Integrity: High
  • Availability: High

CVSS v2
  • Attack Vector: Network
  • Attack Complexity: High
  • Authentication: Single
  • Confidentiality: Complete
  • Integrity: Complete
  • Availability: Complete

* Common Vulnerability Scoring System
SSVC
  • Decision: -
  • Exploitation: -
  • Automatable: -
  • Tech. Impact: -
* Organization's Worst-case Scenario
Timeline
  • 2021-11-02 CVE Reserved
  • 2022-06-03 CVE Published
  • 2023-12-25 EPSS Updated
  • 2024-08-04 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-532: Insertion of Sensitive Information into Log File
CAPEC
Affected Vendors, Products, and Versions

Vendor     Product      Version    Other   Status
Riverbed   Appresponse  11.8.0     -       Affected
Riverbed   Appresponse  11.8.5     -       Affected
Riverbed   Appresponse  11.8.5a    -       Affected
Riverbed   Appresponse  11.9.0     -       Affected
Riverbed   Appresponse  11.9.0a    -       Affected
Riverbed   Appresponse  11.10.0    -       Affected
Riverbed   Appresponse  11.11.0    -       Affected
Riverbed   Appresponse  11.11.0a   -       Affected
Riverbed   Appresponse  11.11.1    -       Affected
Riverbed   Appresponse  11.11.1a   -       Affected
Riverbed   Appresponse  11.11.5    -       Affected
Riverbed   Appresponse  11.11.5a   -       Affected