CVE-2023-31041

Name of the Vulnerable Software and Affected Versions InsydeH2O versions 5.0 through 5.5

Description An issue was discovered in SysPasswordDxe, where system password information could optionally be stored in cleartext, potentially leading to information disclosure. This might allow a remote attacker to access confidential information.

Recommendations For InsydeH2O versions 5.0 through 5.5, consider disabling the storage of system password information in cleartext as a temporary workaround until a patch is available. Restrict access to sensitive information to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.