PT-2021-19234 · Unknown · Open-Audit

Vsevolod Shamov · Published 2021-01-20 · Updated 2022-07-12 · CVE-2021-3130

CVSS v3.1: 5.9 (Medium)
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Open-AudIT versions up to 3.5.3

Description

The issue concerns the web interface of Open-AudIT, where sensitive information such as SSH secrets, Windows passwords, and SNMP strings is hidden from users using HTML 'password field' obfuscation. However, an attacker can use Developer tools or similar methods to modify this obfuscation, making the credentials visible.

Recommendations

For Open-AudIT versions up to 3.5.3, update to a version later than 3.5.3 to resolve the issue. As a temporary workaround, consider restricting access to the web interface to minimize the risk of credential exposure.
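
The weakness in the description comes down to the stored secret being delivered to the browser inside the masked field. As an added example (not Open-AudIT or vendor code), this Python check flags password inputs in a rendered page that carry a server-supplied value; the sample form and its field names are constructed for illustration.

```python
from html.parser import HTMLParser

# Constructed sample of a credential edit form; not taken from Open-AudIT.
SAMPLE_HTML = """
<form method="post" action="/credentials/1">
  <input type="text" name="name" value="core-switches">
  <input type="password" name="ssh_password" value="S3cr3t-constructed">
  <input type="PASSWORD" name="snmp_community" value="">
  <input type="password" name="windows_password">
  <input type="hidden" name="csrf" value="abc123">
</form>
"""


class PrefilledSecretFinder(HTMLParser):
    """Collect password inputs whose value the server rendered into the page."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lowercases tag and attribute names, but not values.
        # Self-closing <input ... /> tags also arrive here by default.
        if tag != "input":
            return
        a = {k: (v or "") for k, v in attrs}
        if a.get("type", "").lower() == "password" and a.get("value", "").strip():
            line, _col = self.getpos()
            # Record field name and value length only, never the secret itself.
            self.findings.append((line, a.get("name", "?"), len(a["value"])))


def find_prefilled_secrets(html):
    """Return (line, field name, value length) for each prefilled password input."""
    finder = PrefilledSecretFinder()
    finder.feed(html)
    finder.close()
    return finder.findings


if __name__ == "__main__":
    for line, name, length in find_prefilled_secrets(SAMPLE_HTML):
        print(f"line {line}: password field '{name}' ships a {length}-char value to the browser")
```

A page that passes this check leaves the field empty and treats a blank submission as "keep the stored secret", so nothing recoverable is present in the markup.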

Fix


Related Identifiers

CVE-2021-3130

Affected Products

Open-Audit