CVE-2024-31840

Published: May 21, 2024Modified: Mar 14, 2025

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

An issue was discovered in Italtel Embrace 1.6.4. The web application inserts cleartext passwords in the HTML source code. An authenticated user is able to edit the configuration of the email server. Once the user access the edit function, the web application fills the edit form with the current credentials for the email account, including the cleartext password.

Affected (1)

Products: Italtel: Embrace

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Italtel Embrace	Version 1.6.4

Related CWEs

Cleartext Storage of Sensitive Information

The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere.

Cleartext Transmission of Sensitive Information

The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.

References (2)

https://www.gruppotim.it/it/footer/red-team.html

Source: cve@mitre.org

ExploitThird Party Advisory

https://www.gruppotim.it/it/footer/red-team.html

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.