PT-2019-16833 · Elog · Elog

Published: 2019-12-17 · Updated: 2020-10-15 · CVE-2019-3992

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

ELOG versions 3.1.4-57bea22 and below

Description

The issue allows a remote unauthenticated attacker to access the server's configuration file by sending an HTTP GET request. This may lead to the disclosure of valid admin usernames and, in older versions, passwords.

Recommendations

For versions 3.1.4-57bea22 and below, consider restricting access to the configuration file until a patch is available. As a temporary workaround, limit the information stored in the configuration file to minimize potential damage.

Exploit

Fix

Cleartext Transmission of Sensitive Information

Information Disclosure


Weakness Enumeration

Related Identifiers: CVE-2019-3992

Affected Products: Elog