PT-2024-24237 · Italtel · Italtel Embrace
Fabio Romano +3 · Published 2024-05-21 · Updated 2024-07-26 · CVE-2024-31840
CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Italtel Embrace version 1.6.4
Description
An issue was discovered where the web application inserts cleartext passwords in the HTML source code. An authenticated user can edit the configuration of the email server. When accessing the edit function, the web application fills the edit form with the current credentials for the email account, including the cleartext password.
Recommendations
For Italtel Embrace version 1.6.4, consider restricting access to the edit function for the email server configuration to minimize the risk of exploitation. As a temporary workaround, avoid using the edit function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
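The pattern described above, next to a form that does not echo the stored secret, plus a check that flags pre-filled password inputs in rendered HTML. This is an added example, not Italtel's code or part of the advisory. The field names, sample configuration and function names are assumptions, and the check only covers inputs declared as type="password".

```python
from html import escape
from html.parser import HTMLParser

# Constructed sample configuration; field names are assumptions, not Embrace's.
SAMPLE_CFG = {"host": "smtp.example.test", "user": "alerts", "password": "S3cr3t-constructed"}


def render_vulnerable(cfg):
    """Pattern the advisory describes: the stored password is echoed into the form."""
    return (f'<form><input name="user" value="{escape(cfg["user"])}">'
            f'<input type="password" name="password" value="{escape(cfg["password"])}"></form>')


def render_hardened(cfg):
    """Never send the stored secret back; an empty field means 'keep current'."""
    return (f'<form><input name="user" value="{escape(cfg["user"])}">'
            '<input type="password" name="password" value="" '
            'placeholder="unchanged" autocomplete="new-password"></form>')


def apply_update(cfg, form):
    """Server side of the hardened form: a blank password keeps the stored one."""
    updated = dict(cfg, user=form.get("user", cfg["user"]))
    if form.get("password"):
        updated["password"] = form["password"]
    return updated


class _PasswordFieldAudit(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        a = {k.lower(): (v or "") for k, v in attrs}
        # A password input that arrives with a value exposes the secret in page source.
        if tag == "input" and a.get("type", "").lower() == "password" and a.get("value"):
            self.findings.append(a.get("name", "<unnamed>"))


def find_prefilled_passwords(html):
    """Return names of password inputs that arrive with a non-empty value."""
    audit = _PasswordFieldAudit()
    audit.feed(html)
    audit.close()
    return audit.findings
```

Run find_prefilled_passwords over the saved HTML of your own configuration pages to confirm whether a stored credential is being returned to the browser.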
Exploit
Cleartext Storage of Sensitive Information
Cleartext Transmission of Sensitive Information
Related Identifiers
Affected Products
Italtel Embrace