PT-2019-16833 · Elog · Elog

Published: 2019-12-17 · Updated: 2020-10-15 · CVE-2019-3992

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

ELOG versions 3.1.4-57bea22 and below

Description

The issue allows a remote unauthenticated attacker to access the server's configuration file by sending an HTTP GET request. This may lead to the disclosure of valid admin usernames and, in older versions, passwords.

Recommendations

For versions 3.1.4-57bea22 and below, consider restricting access to the configuration file until a patch is available. As a temporary workaround, limit the information stored in the configuration file to minimize potential damage.

Exploit

Fix

Cleartext Transmission of Sensitive Information

Information Disclosure


Weakness Enumeration

Related Identifiers

CVE-2019-3992

Affected Products

Elog