CVE-2022-22703

Published: Jan 17, 2022Modified: Nov 21, 2024

5.5

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

In Stormshield SSO Agent 2.x before 2.1.1 and 3.x before 3.0.2, the cleartext user password and PSK are contained in the log file of the .exe installer.

Affected (2)

Products: Stormshield: Network Security

Stormshield

1 product

Network Security

Configuration A

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Stormshield Network Security	From 2.0.0 to 2.1.1
Stormshield Network Security	From 3.0.0 to 3.0.2

Running on/with	Platform Versions
Microsoft Windows	All versions

Related CWEs

CWE-532

Insertion of Sensitive Information into Log File

Information written to log files can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information.

References (2)

https://advisories.stormshield.eu/2022-001

Source: cve@mitre.org

Vendor Advisory

https://advisories.stormshield.eu/2022-001

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.