PT-2026-5901 · Hcl+1 · Aion
Published
2026-02-03
·
Updated
2026-04-27
·
CVE-2025-52623
CVSS v3.1
6.5
Medium
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L |
Name of the Vulnerable Software and Affected Versions
HCL AION version 2.0
Description
HCL AION is susceptible to an issue where the autocomplete attribute is not disabled for password fields. This can allow the autocomplete function to store or reveal sensitive credentials, potentially leading to unauthorized access. The issue involves the potential for unintended storage or disclosure of credentials due to autocomplete functionality on password fields.
Recommendations
Disable the autocomplete attribute for all password fields in HCL AION version 2.0.
Fix
Insufficiently Protected Credentials
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Aion