CVE-2023-31925
Storage of clear text password in Brocade SANnav
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Brocade
SANnav before v2.3.0 and v2.2.2a stores SNMPv3 Authentication passwords
in plaintext. A privileged user could retrieve these credentials with
knowledge and access to these log files. SNMP
credentials could be seen in SANnav SupportSave if the capture is
performed after an SNMP configuration failure causes an SNMP
communication log dump.
Brocade SANnav antes de v2.3.0 y v2.2.2a almacena las contraseñas de autenticación SNMPv3 en texto plano. Un usuario con privilegios podría recuperar estas credenciales con conocimiento y acceso a estos archivos de registro. Las credenciales SNMP podrían verse en SANnav SupportSave si la captura se realiza después de que un fallo de configuración SNMP provoque un volcado de registro de comunicación SNMP.
CVSS Scores
SSVC
- Decision:Track
Timeline
- 2023-04-29 CVE Reserved
- 2023-08-31 CVE Published
- 2024-09-06 EPSS Updated
- 2024-09-27 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-312: Cleartext Storage of Sensitive Information
CAPEC
- CAPEC-37: Retrieve Embedded Sensitive Data
References (1)
URL | Tag | Source |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Broadcom Search vendor "Broadcom" | Brocade Sannav Search vendor "Broadcom" for product "Brocade Sannav" | < 2.2.2a Search vendor "Broadcom" for product "Brocade Sannav" and version " < 2.2.2a" | - |
Affected
|