PT-2019-1968 · Juniper Networks · Servicenow+1

Published: 2019-04-10 · Updated: 2020-09-29 · CVE-2019-0032

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Juniper Networks Service Insight versions from 15.1R1 through 18.1R1
Juniper Networks Service Now versions from 15.1R1 through 18.1R1

Description

A password management issue exists where the Organization authentication username and password were stored in plaintext in log files. A locally authenticated attacker who is able to access these stored plaintext credentials can use them to log in to the Organization. The issue is related to errors in managing registration data, which can allow an attacker to gain access to the saved credentials in plaintext.

Recommendations

For Juniper Networks Service Insight versions from 15.1R1 through 18.1R1, update to version 18.1R1 or later to resolve the issue.
For Juniper Networks Service Now versions from 15.1R1 through 18.1R1, update to version 18.1R1 or later to resolve the issue.
As a temporary workaround, consider restricting access to the log files that store the plaintext credentials to minimize the risk of exploitation.

Fix

Insufficiently Protected Credentials

Insertion into Log File

Weakness Enumeration

Related Identifiers

BDU:2019-01658
CVE-2019-0032

Affected Products

Service Insight
Servicenow