4.4 CVE-2024-35117
IBM OpenPages with Watson 9.0 may write sensitive information, under specific configurations, in clear text to the system tracing log files that could be obtained by a privileged user.
https://nvd.nist.gov/vuln/detail/CVE-2024-35117
Categories
CWE-312 : Cleartext Storage of Sensitive Information
The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere. Automated static analysis, commonly referred to as Static Application Security Testing (SAST), can find some instances of this weakness by analyzing source code (or binary/compiled code) without having to execute it. Typically, this is done by building a model of data flow and control flow, then searching for potentially-vulnerable patterns that connect "sources" (origins of input) with "sinks" (destinations where the data interacts with external components, a lower layer such as the OS, etc.) When storing data in the cloud (e.g., S3 buckets, Azure blobs, Google Cloud Storage, etc.), use the provider's controls to encrypt the data at rest. [REF-1297] [REF-1299] [REF-1301] Remote Terminal Unit (RTU) uses a driver that relies on a password stored in plaintext. password and username stored in cleartext in a cookie password stored in cleartext in a file with insecure permissions chat program disables SSL in some circumstances even when the user says to use SSL. Chain: product uses an incorrect public exponent when generating an RSA key, which effectively disables the encryption storage of unencrypted passwords in a database storage of unencrypted passwords in a database product stores a password in cleartext in memory storage of a secret key in cleartext in a temporary file SCADA product uses HTTP Basic Authentication, which is not encrypted login credentials stored unencrypted in a registry key Plaintext credentials in world-readable file. Password in cleartext in config file. Password in cleartext in config file. Decrypted copy of a message written to disk given a combination of options and when user replies to an encrypted message. Plaintext storage of private key and passphrase in log file when user imports the key. Admin password in plaintext in a cookie. Default configuration has cleartext usernames/passwords in cookie. Usernames/passwords in cleartext in cookies. Authentication information stored in cleartext in a cookie.
References
CPE
REMEDIATION
EXPLOITS
Exploit-db.com
id |
description |
date |
|
No known exploits |
POC Github
Other Nist (github, ...)
CAPEC
Common Attack Pattern Enumerations and Classifications
id |
description |
severity |
37 |
Retrieve Embedded Sensitive Data
An attacker examines a target system to find sensitive data that has been embedded within it. This information can reveal confidential contents, such as account numbers or individual keys/credentials that can be used as an intermediate step in a larger attack. [Identify Target] Attacker identifies client components to extract information from. These may be binary executables, class files, shared libraries (e.g., DLLs), configuration files, or other system files. [Retrieve Embedded Data] The attacker then uses a variety of techniques, such as sniffing, reverse-engineering, and cryptanalysis to retrieve the information of interest. |
Very High |
MITRE
Techniques
id |
description |
T1005 |
Data from Local System |
T1552.004 |
Unsecured Credentials: Private Keys |
© 2022 The MITRE Corporation. This work is reproduced and distributed with the permission of The MITRE Corporation. |
Mitigations
id |
description |
T1005 |
Data loss prevention can restrict access to sensitive data and detect sensitive data that is unencrypted. |
T1552.004 |
Ensure permissions are properly set on folders containing sensitive private keys to prevent unintended access. Additionally, on Cisco devices, set the `nonexportable` flag during RSA key pair generation. |
© 2022 The MITRE Corporation. Esta obra se reproduce y distribuye con el permiso de The MITRE Corporation. |
Cybersecurity needs ?
Strengthen software security from the outset with our DevSecOps expertise
Integrate security right from the start of the software development cycle for more robust applications and greater customer confidence.
Our team of DevSecOps experts can help you secure your APIs, data pipelines, CI/CD chains, Docker containers and Kubernetes deployments.
Discover this offer