PT-2023-21849 · Stormshield · Stormshield Network Security

Published: 2023-12-25 · Updated: 2024-08-20 · CVE-2023-28616

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Stormshield Network Security (SNS) versions 4.3.x through 4.3.16
Stormshield Network Security (SNS) versions 4.4.x through 4.6.x before 4.6.4
Stormshield Network Security (SNS) versions 4.7.x before 4.7.1

Description

The issue affects user accounts with passwords containing an equals sign or space character. The serverd process logs such passwords in cleartext and potentially sends these logs to the Syslog component.

Recommendations

For versions 4.3.x through 4.3.16, update to version 4.3.17 or later.
For versions 4.4.x through 4.6.x before 4.6.4, update to version 4.6.4 or later.
For versions 4.7.x before 4.7.1, update to version 4.7.1 or later.

As a temporary workaround, consider restricting the use of passwords with equals signs or space characters until a patch is applied.

Fix

Cleartext Transmission of Sensitive Information

Weakness Enumeration

Related Identifiers

CVE-2023-28616

Affected Products

Stormshield Network Security