CVE-2021-42370

Published: Nov 8, 2021Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

A password mismanagement situation exists in XoruX LPAR2RRD and STOR2RRD before 7.30 because cleartext information is present in HTML password input fields in the device properties. (Viewing the passwords requires configuring a web browser to display HTML password input fields.)

Affected (2)

Products: Xorux: Lpar2rrd, Stor2rrd

2 products

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Xorux Lpar2rrd	From 7.21 to 7.30
Xorux Stor2rrd	From 7.21 to 7.30

Related CWEs

Cleartext Storage of Sensitive Information

The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere.

References (6)

https://github.com/orangecertcc/security-research/security/advisories/GHSA-f3qp-4xqq-2wjx

Source: cve@mitre.org

Third Party Advisory

https://lpar2rrd.com/note730.php

Source: cve@mitre.org

Release NotesVendor Advisory

https://stor2rrd.com/note730.php

Source: cve@mitre.org

Release NotesVendor Advisory

https://github.com/orangecertcc/security-research/security/advisories/GHSA-f3qp-4xqq-2wjx

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://lpar2rrd.com/note730.php

Source: af854a3a-2127-422b-91ae-364da2661108

Release NotesVendor Advisory

https://stor2rrd.com/note730.php

Source: af854a3a-2127-422b-91ae-364da2661108

Release NotesVendor Advisory

Timeline

No history available yet.