Vulnerability Details :

CVE-2008-2368

Summary
Assigner-redhat
Assigner Org ID-53f830b8-0a3f-465b-8143-3b8a9948e749
Published At-20 Jan, 2009 | 16:00
Updated At-07 Aug, 2024 | 08:58
Rejected At-

Red Hat Certificate System 7.2 stores passwords in cleartext in the UserDirEnrollment log, the RA wizard installer log, and unspecified other debug log files, and uses weak permissions for these files, which allows local users to discover passwords by reading the files.

▼Common Vulnerabilities and Exposures (CVE)
cve.org
▼CVE Numbering Authority (CNA)

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
Type: text
CWE ID: N/A
Description: n/a
References
Hyperlink: http://secunia.com/advisories/33540
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.vupen.com/english/advisories/2009/0145
Resource:
vdb-entry
x_refsource_VUPEN
Hyperlink: http://www.securityfocus.com/bid/33288
Resource:
vdb-entry
x_refsource_BID
Hyperlink: http://securitytracker.com/id?1021608
Resource:
vdb-entry
x_refsource_SECTRACK
Hyperlink: https://rhn.redhat.com/errata/RHSA-2009-0006.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=452000
Resource:
x_refsource_CONFIRM
Hyperlink: https://rhn.redhat.com/errata/RHSA-2009-0007.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/48022
Resource:
vdb-entry
x_refsource_XF
▼Authorized Data Publishers (ADP)
CVE Program Container
References
Hyperlink: http://secunia.com/advisories/33540
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.vupen.com/english/advisories/2009/0145
Resource:
vdb-entry
x_refsource_VUPEN
x_transferred
Hyperlink: http://www.securityfocus.com/bid/33288
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: http://securitytracker.com/id?1021608
Resource:
vdb-entry
x_refsource_SECTRACK
x_transferred
Hyperlink: https://rhn.redhat.com/errata/RHSA-2009-0006.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=452000
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://rhn.redhat.com/errata/RHSA-2009-0007.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/48022
Resource:
vdb-entry
x_refsource_XF
x_transferred
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:secalert@redhat.com
Published At:20 Jan, 2009 | 16:30
Updated At:08 Aug, 2017 | 01:30

CISA Catalog
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
Type: Primary
Version: 2.0
Base score: 2.1
Base severity: LOW
Vector:
AV:L/AC:L/Au:N/C:P/I:N/A:N
CPE Matches

Red Hat, Inc.
redhat
>>certificate_system>>7.2
cpe:2.3:a:redhat:certificate_system:7.2:*:*:*:*:*:*:*
Weaknesses
CWE ID: CWE-255
Type: Primary
Source: nvd@nist.gov
References
Hyperlink: http://secunia.com/advisories/33540
Source: secalert@redhat.com
Resource:
Vendor Advisory
Hyperlink: http://securitytracker.com/id?1021608
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/33288
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.vupen.com/english/advisories/2009/0145
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=452000
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/48022
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://rhn.redhat.com/errata/RHSA-2009-0006.html
Source: secalert@redhat.com
Resource:
Vendor Advisory
Hyperlink: https://rhn.redhat.com/errata/RHSA-2009-0007.html
Source: secalert@redhat.com
Resource: N/A


Similar CVEs

213 Records found

CVE-2016-6546
Matching Score-4
Assigner-CERT/CC
CVSS Score-7.8||HIGH
EPSS-0.08% / 24.59%
||
7 Day CHG~0.00%
Published-13 Jul, 2018 | 20:00
Updated-06 Aug, 2024 | 01:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
iTrack Easy mobile application stores the user password in base-64 encoding/cleartext

The iTrack Easy mobile application stores the account password used to authenticate to the cloud API in base64-encoding in the cache.db file. The base64 encoding format is considered equivalent to cleartext.

Action-Not Available
Vendor-kkmcniTrack
Product-itrackeasyEasy
CWE ID-CWE-313
Cleartext Storage in a File or on Disk
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-255
Not Available
CVE-2016-6547
Matching Score-4
Assigner-CERT/CC
CVSS Score-7.8||HIGH
EPSS-0.08% / 24.59%
||
7 Day CHG~0.00%
Published-13 Jul, 2018 | 20:00
Updated-06 Aug, 2024 | 01:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Zizai Tech Nut stores the account password in cleartext

The Zizai Tech Nut mobile app stores the account password used to authenticate to the cloud API in cleartext in the cache.db file.

Action-Not Available
Vendor-nutspaceZizai Technology
Product-nut_mobileTech Nut Mobile Application
CWE ID-CWE-313
Cleartext Storage in a File or on Disk
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-255
Not Available
CVE-2016-3952
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.40% / 59.66%
||
7 Day CHG~0.00%
Published-06 Feb, 2018 | 18:00
Updated-06 Aug, 2024 | 00:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

web2py before 2.14.1, when using the standalone version, allows remote attackers to obtain environment variable values via a direct request to examples/template_examples/beautify. NOTE: this issue can be leveraged by remote attackers to gain administrative access.

Action-Not Available
Vendor-web2pyn/a
Product-web2pyn/a
CWE ID-CWE-255
Not Available
CVE-2021-21522
Matching Score-4
Assigner-Dell
CVSS Score-8.2||HIGH
EPSS-0.04% / 12.21%
||
7 Day CHG~0.00%
Published-28 Sep, 2021 | 19:20
Updated-17 Sep, 2024 | 03:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell BIOS contains a Credentials Management issue. A local authenticated malicious user may potentially exploit this vulnerability to gain access to sensitive information on an NVMe storage by resetting the BIOS password on the system via the Manageability Interface.

Action-Not Available
Vendor-Dell Inc.
Product-latitude_5290_2-in-1latitude_7210_2-in-1_firmwarelatitude_7280_firmwarelatitude_9410xps_13_9360latitude_5310_2-in-1latitude_7290xps_13_9360_firmwarelatitude_7389latitude_7212_rugged_extreme_tablet_firmwarelatitude_7212_rugged_extreme_tabletlatitude_7490_firmwarelatitude_7420latitude_7480precision_3640_tower_firmwarelatitude_7390_firmwarelatitude_5285_2-in-1precision_5520latitude_5310_2-in-1_firmwarelatitude_7380_firmwarelatitude_7370latitude_7370_firmwarexps_13_9370latitude_7390_2-in-1_firmwareprecision_5510_firmwarelatitude_7285latitude_7390latitude_5289_2-in-1latitude_7420_firmwarelatitude_7480_firmwarelatitude_7290_firmwarelatitude_5289_2-in-1_firmwarelatitude_7210_2-in-1latitude_7310_firmwarelatitude_7390_2-in-1precision_5530_2-in-1precision_5530_2-in-1_firmwarelatitude_5285_2-in-1_firmwarexps_15_9575_2-in-1_firmwarelatitude_9510latitude_5290_2-in-1_firmwareprecision_5510latitude_7380latitude_7490latitude_7389_firmwarelatitude_9410_firmwarelatitude_7410precision_5520_firmwarelatitude_9510_firmwarelatitude_7310xps_15_9575_2-in-1precision_3640_towerlatitude_7285_firmwarexps_13_9370_firmwarelatitude_7280latitude_7410_firmwareCPG BIOS
CWE ID-CWE-255
Not Available
CVE-2007-6340
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-2.1||LOW
EPSS-0.07% / 21.67%
||
7 Day CHG~0.00%
Published-05 Feb, 2008 | 02:00
Updated-07 Aug, 2024 | 16:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Geert Moernaut LSrunasE 1.0 and Supercrypt 1.0 use the RC4 stream cipher without constructing a unique initialization vector (IV), which makes it easier for local users to obtain cleartext passwords.

Action-Not Available
Vendor-moernautn/a
Product-supercryptlsrunasen/a
CWE ID-CWE-255
Not Available
CVE-2020-8968
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
CVSS Score-7.1||HIGH
EPSS-0.12% / 32.51%
||
7 Day CHG~0.00%
Published-17 Dec, 2021 | 16:10
Updated-17 Sep, 2024 | 01:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Parallels Remote Application Server credentials management errors

Parallels Remote Application Server (RAS) allows a local attacker to retrieve certain profile password in clear text format by uploading a previously stored cyphered file by Parallels RAS. The confidentiality, availability and integrity of the information of the user could be compromised if an attacker is able to recover the profile password.

Action-Not Available
Vendor-Parallels International Gmbh
Product-remote_application_serverParallels Remote Application Server (Client)
CWE ID-CWE-255
Not Available
CVE-2007-6267
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-2.1||LOW
EPSS-0.08% / 24.44%
||
7 Day CHG~0.00%
Published-07 Dec, 2007 | 11:00
Updated-07 Aug, 2024 | 16:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Citrix EdgeSight 4.2 and 4.5 for Presentation Server, EdgeSight 4.2 and 4.5 for Endpoints, and EdgeSight for NetScaler 1.0 and 1.1 do not properly store database credentials in configuration files, which allows local users to obtain sensitive information.

Action-Not Available
Vendor-n/aCitrix (Cloud Software Group, Inc.)
Product-edgesight_for_endpointsedgesight_for_netscaleredgesight_for_presentation_servern/a
CWE ID-CWE-255
Not Available
CVE-2007-4526
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-2.1||LOW
EPSS-0.04% / 9.93%
||
7 Day CHG~0.00%
Published-25 Aug, 2007 | 00:00
Updated-07 Aug, 2024 | 15:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Client Login Extension (CLE) in Novell Identity Manager before 3.5.1 20070730 stores the username and password in a local file, which allows local users to obtain sensitive information by reading this file.

Action-Not Available
Vendor-netiqn/aNovell
Product-client_login_extension_\(cle\)identity_managern/a
CWE ID-CWE-255
Not Available
CVE-2015-4400
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.6||MEDIUM
EPSS-0.15% / 36.10%
||
7 Day CHG~0.00%
Published-06 Feb, 2018 | 16:00
Updated-06 Aug, 2024 | 06:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Ring (formerly DoorBot) video doorbells allow remote attackers to obtain sensitive information about the wireless network configuration by pressing the set up button and leveraging an API in the GainSpan Wi-Fi module.

Action-Not Available
Vendor-ringn/a
Product-ringring_firmwaren/a
CWE ID-CWE-255
Not Available
CVE-2014-8335
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.11% / 29.26%
||
7 Day CHG~0.00%
Published-05 Jan, 2018 | 16:00
Updated-06 Aug, 2024 | 13:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

(1) wp-dbmanager.php and (2) database-manage.php in the WP-DBManager (aka Database Manager) plugin before 2.7.2 for WordPress place credentials on the mysqldump command line, which allows local users to obtain sensitive information by listing the process.

Action-Not Available
Vendor-wp-dbmanager_projectn/a
Product-wp-dbmanagern/a
CWE ID-CWE-255
Not Available
CVE-2014-6111
Matching Score-4
Assigner-IBM Corporation
CVSS Score-7.8||HIGH
EPSS-0.04% / 11.86%
||
7 Day CHG~0.00%
Published-20 Apr, 2018 | 20:00
Updated-06 Aug, 2024 | 12:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Tivoli Identity Manager 5.1.x before 5.1.0.15-ISS-TIM-IF0057 and Security Identity Manager 6.0.x before 6.0.0.4-ISS-SIM-IF0001 and 7.0.x before 7.0.0.0-ISS-SIM-IF0003 store encrypted user credentials and the keystore password in cleartext in configuration files, which allows local users to decrypt SIM credentials via unspecified vectors. IBM X-Force ID: 96180.

Action-Not Available
Vendor-n/aIBM Corporation
Product-security_identity_managertivoli_identity_managern/a
CWE ID-CWE-255
Not Available
CVE-2014-1835
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.05% / 14.12%
||
7 Day CHG~0.00%
Published-02 Feb, 2018 | 21:00
Updated-06 Aug, 2024 | 09:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The perform_request function in /lib/echor/backplane.rb in echor 0.1.6 Ruby Gem allows local users to steal the login credentials by watching the process table.

Action-Not Available
Vendor-echor_projectn/a
Product-echorn/a
CWE ID-CWE-255
Not Available
CVE-2007-4656
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-2.1||LOW
EPSS-0.07% / 20.88%
||
7 Day CHG~0.00%
Published-04 Sep, 2007 | 22:00
Updated-07 Aug, 2024 | 15:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

backup-manager-upload in Backup Manager before 0.6.3 provides the FTP server hostname, username, and password as plaintext command line arguments during FTP uploads, which allows local users to obtain sensitive information by listing the process and its arguments, a different vulnerability than CVE-2007-2766.

Action-Not Available
Vendor-backup_managern/a
Product-backup_managern/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-255
Not Available
CWE ID-CWE-310
Not Available