7.7 CVE-2024-25661

 

In Infinera TNMS (Transcend Network Management System) 19.10.3, cleartext storage of sensitive information in memory of the desktop application TNMS Client allows guest OS administrators to obtain various users' passwords by reading memory dumps of the desktop application.
https://nvd.nist.gov/vuln/detail/CVE-2024-25661

Categories

CWE-312 : Cleartext Storage of Sensitive Information
The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere.

Automated static analysis, commonly referred to as Static Application Security Testing (SAST), can find some instances of this weakness by analyzing source code (or binary/compiled code) without having to execute it. Typically, this is done by building a model of data flow and control flow, then searching for potentially-vulnerable patterns that connect "sources" (origins of input) with "sinks" (destinations where the data interacts with external components, a lower layer such as the OS, etc.).

When storing data in the cloud (e.g., S3 buckets, Azure blobs, Google Cloud Storage, etc.), use the provider's controls to encrypt the data at rest. [REF-1297] [REF-1299] [REF-1301]

Remote Terminal Unit (RTU) uses a driver that relies on a password stored in plaintext.
password and username stored in cleartext in a cookie
password stored in cleartext in a file with insecure permissions
chat program disables SSL in some circumstances even when the user says to use SSL.
Chain: product uses an incorrect public exponent when generating an RSA key, which effectively disables the encryption
storage of unencrypted passwords in a database
storage of unencrypted passwords in a database
product stores a password in cleartext in memory
storage of a secret key in cleartext in a temporary file
SCADA product uses HTTP Basic Authentication, which is not encrypted
login credentials stored unencrypted in a registry key
Plaintext credentials in world-readable file.
Password in cleartext in config file.
Password in cleartext in config file.
Decrypted copy of a message written to disk given a combination of options and when user replies to an encrypted message.
Plaintext storage of private key and passphrase in log file when user imports the key.
Admin password in plaintext in a cookie.
Default configuration has cleartext usernames/passwords in cookie.
Usernames/passwords in cleartext in cookies.
Authentication information stored in cleartext in a cookie.

EXPLOITS


Exploit-db.com

id description date
No known exploits

POC Github

Url
No known exploits

Other Nist (github, ...)

Url
No known exploits


CAPEC


Common Attack Pattern Enumerations and Classifications

id description severity
37 Retrieve Embedded Sensitive Data Very High


MITRE


Techniques

id description
T1005 Data from Local System
T1552.004 Unsecured Credentials: Private Keys
© 2022 The MITRE Corporation. This work is reproduced and distributed with the permission of The MITRE Corporation.

Mitigations

id description
T1005 Data loss prevention can restrict access to sensitive data and detect sensitive data that is unencrypted.
T1552.004 Ensure permissions are properly set on folders containing sensitive private keys to prevent unintended access. Additionally, on Cisco devices, set the `nonexportable` flag during RSA key pair generation.