First published: Fri Apr 23 2021(Updated: )
Wowza Streaming Engine before 4.8.8.01 (in a default installation) has cleartext passwords stored in the conf/admin.password file. A regular local user is able to read usernames and passwords.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Wowza Streaming Engine | <4.8.8.01 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for this Wowza Streaming Engine vulnerability is CVE-2021-31539.
CVE-2021-31539 has a severity rating of 5.5 (medium).
The affected software for CVE-2021-31539 is Wowza Streaming Engine before version 4.8.8.01 in a default installation.
In this vulnerability, cleartext passwords are stored in the conf/admin.password file.
A regular local user is able to read usernames and passwords in this vulnerability.