CVE-2021-3130
First published: Wed Jan 20 2021(Updated: )
Within the Open-AudIT up to version 3.5.3 application, the web interface hides SSH secrets, Windows passwords, and SNMP strings from users using HTML 'password field' obfuscation. By using Developer tools or similar, it is possible to change the obfuscation so that the credentials are visible.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Opmantek Open-AudIT | <=4.0.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this Open-AudIT vulnerability?
The vulnerability ID for this Open-AudIT vulnerability is CVE-2021-3130.
What is the severity of CVE-2021-3130?
The severity of CVE-2021-3130 is medium, with a severity value of 5.9.
What does CVE-2021-3130 allow an attacker to do?
CVE-2021-3130 allows an attacker to change the obfuscation of SSH secrets, Windows passwords, and SNMP strings, making the credentials visible.
What versions of Open-AudIT are affected by CVE-2021-3130?
Open-AudIT up to version 3.5.3 is affected by CVE-2021-3130.
How can I fix CVE-2021-3130?
To fix CVE-2021-3130, it is recommended to upgrade Open-AudIT to version 4.0.2 or later.
- collector/nvd-index
- agent/severity
- agent/references
- agent/author
- agent/type
- agent/event
- agent/description
- agent/tags
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- vendor/opmantek
- canonical/opmantek open-audit
- version/opmantek open-audit/4.0.2