6.5 CVE-2024-25658

Cleartext storage of passwords in Infinera TNMS (Transcend Network Management System) Server 19.10.3 allows attackers (with access to the database or exported configuration files) to obtain SNMP users' usernames and passwords in cleartext.
https://nvd.nist.gov/vuln/detail/CVE-2024-25658

Categories

CWE-312 : Cleartext Storage of Sensitive Information
The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere. Automated static analysis, commonly referred to as Static Application Security Testing (SAST), can find some instances of this weakness by analyzing source code (or binary/compiled code) without having to execute it. Typically, this is done by building a model of data flow and control flow, then searching for potentially-vulnerable patterns that connect "sources" (origins of input) with "sinks" (destinations where the data interacts with external components, a lower layer such as the OS, etc.) When storing data in the cloud (e.g., S3 buckets, Azure blobs, Google Cloud Storage, etc.), use the provider's controls to encrypt the data at rest. [REF-1297] [REF-1299] [REF-1301] Remote Terminal Unit (RTU) uses a driver that relies on a password stored in plaintext. password and username stored in cleartext in a cookie password stored in cleartext in a file with insecure permissions chat program disables SSL in some circumstances even when the user says to use SSL. Chain: product uses an incorrect public exponent when generating an RSA key, which effectively disables the encryption storage of unencrypted passwords in a database storage of unencrypted passwords in a database product stores a password in cleartext in memory storage of a secret key in cleartext in a temporary file SCADA product uses HTTP Basic Authentication, which is not encrypted login credentials stored unencrypted in a registry key Plaintext credentials in world-readable file. Password in cleartext in config file. Password in cleartext in config file. Decrypted copy of a message written to disk given a combination of options and when user replies to an encrypted message. Plaintext storage of private key and passphrase in log file when user imports the key. Admin password in plaintext in a cookie. Default configuration has cleartext usernames/passwords in cookie. Usernames/passwords in cleartext in cookies. Authentication information stored in cleartext in a cookie.

References

cve@mitre.org

https://www.cvcn.gov.it/cvcn/cve/CVE-2024-25658

CPE

cpe	start	end

REMEDIATION

EXPLOITS

Exploit-db.com

id	description	date
No known exploits

POC Github

Url
No known exploits

Other Nist (github, ...)

Url
No known exploits

CAPEC

Common Attack Pattern Enumerations and Classifications

id	description	severity
37	Retrieve Embedded Sensitive Data An attacker examines a target system to find sensitive data that has been embedded within it. This information can reveal confidential contents, such as account numbers or individual keys/credentials that can be used as an intermediate step in a larger attack. [Identify Target] Attacker identifies client components to extract information from. These may be binary executables, class files, shared libraries (e.g., DLLs), configuration files, or other system files. [Retrieve Embedded Data] The attacker then uses a variety of techniques, such as sniffing, reverse-engineering, and cryptanalysis to retrieve the information of interest.	Very High

MITRE

Techniques

id	description
T1005	Data from Local System
T1552.004	Unsecured Credentials: Private Keys
© 2022 The MITRE Corporation. This work is reproduced and distributed with the permission of The MITRE Corporation.

Mitigations

id	description
T1005	Data loss prevention can restrict access to sensitive data and detect sensitive data that is unencrypted.
T1552.004	Ensure permissions are properly set on folders containing sensitive private keys to prevent unintended access. Additionally, on Cisco devices, set the `nonexportable` flag during RSA key pair generation.
© 2022 The MITRE Corporation. Esta obra se reproduce y distribuye con el permiso de The MITRE Corporation.

Cybersecurity needs ?

Strengthen software security from the outset with our DevSecOps expertise

Integrate security right from the start of the software development cycle for more robust applications and greater customer confidence.
Our team of DevSecOps experts can help you secure your APIs, data pipelines, CI/CD chains, Docker containers and Kubernetes deployments.

Discover this offer

Soutenez No Hack Me sur Tipeee