CVE-2024-31840
First published: Tue May 21 2024(Updated: )
An issue was discovered in Italtel Embrace 1.6.4. The web application inserts cleartext passwords in the HTML source code. An authenticated user is able to edit the configuration of the email server. Once the user access the edit function, the web application fills the edit form with the current credentials for the email account, including the cleartext password.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Italtel Embrace | =1.6.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2024-31840?
CVE-2024-31840 is considered a significant security vulnerability due to the exposure of cleartext passwords in the HTML source code.
How do I fix CVE-2024-31840?
To fix CVE-2024-31840, update the Italtel Embrace application to the latest version that addresses this vulnerability.
What type of attack can CVE-2024-31840 facilitate?
CVE-2024-31840 can facilitate unauthorized access to sensitive information if an attacker can view the HTML source, potentially leading to credential theft.
Who is affected by CVE-2024-31840?
Users of Italtel Embrace version 1.6.4 are affected by CVE-2024-31840.
Is CVE-2024-31840 a client-side or server-side vulnerability?
CVE-2024-31840 is primarily a client-side vulnerability as it exposes sensitive information through the web application's HTML source.
- agent/references
- agent/type
- agent/description
- agent/author
- agent/first-publish-date
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/severity
- agent/weakness
- agent/softwarecombine
- agent/tags
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- agent/source
- vendor/italtel
- canonical/italtel embrace
- version/italtel embrace/1.6.4