CWE-319
Cleartext Transmission of Sensitive Information
The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.
CVE-2003-5002 (GCVE-0-2003-5002)
Vulnerability from cvelistv5
Published
2022-03-28 20:45
Modified
2024-08-08 02:35
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-319 - Cleartext Transmission of Sensitive Information
Summary
A vulnerability was found in ISS BlackICE PC Protection. It has been declared as problematic. Affected by this vulnerability is the component Update Handler which allows cleartext transmission of data. NOTE: This vulnerability only affects products that are no longer supported by the maintainer
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ISS | BlackICE PC Protection |
Version: n/a |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T02:35:16.644Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://vuldb.com/?id.295"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "BlackICE PC Protection",
"vendor": "ISS",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Marc Ruef"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in ISS BlackICE PC Protection. It has been declared as problematic. Affected by this vulnerability is the component Update Handler which allows cleartext transmission of data. NOTE: This vulnerability only affects products that are no longer supported by the maintainer"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-319",
"description": "CWE-319 Cleartext Transmission of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-03T22:16:21",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://vuldb.com/?id.295"
}
],
"tags": [
"unsupported-when-assigned"
],
"title": "ISS BlackICE PC Protection Update cleartext transmission",
"x_generator": "vuldb.com",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2003-5002",
"REQUESTER": "cna@vuldb.com",
"STATE": "PUBLIC",
"TITLE": "ISS BlackICE PC Protection Update cleartext transmission"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "BlackICE PC Protection",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "ISS"
}
]
}
},
"credit": "Marc Ruef",
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in ISS BlackICE PC Protection. It has been declared as problematic. Affected by this vulnerability is the component Update Handler which allows cleartext transmission of data. NOTE: This vulnerability only affects products that are no longer supported by the maintainer."
}
]
},
"generator": "vuldb.com",
"impact": {
"cvss": {
"baseScore": "3.7",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-319 Cleartext Transmission of Sensitive Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://vuldb.com/?id.295",
"refsource": "MISC",
"url": "https://vuldb.com/?id.295"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2003-5002",
"datePublished": "2022-03-28T20:45:44",
"dateReserved": "2022-01-28T00:00:00",
"dateUpdated": "2024-08-08T02:35:16.644Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-5638 (GCVE-0-2016-5638)
Vulnerability from cvelistv5
Published
2018-07-24 15:00
Modified
2024-08-06 01:07
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
There are few web pages associated with the genie app on the Netgear WNDR4500 running firmware version V1.0.1.40_1.0.6877. Genie app adds some capabilities over the Web GUI and can be accessed even when you are away from home. A remote attacker can access genie_ping.htm or genie_ping2.htm or genie_ping3.htm page without authentication. Once accessed, the page will be redirected to the aCongratulations2.htma page, which reveals some sensitive information such as 2.4GHz & 5GHz Wireless Network Name (SSID) and Network Key (Password) in clear text.
References
| ► | URL | Tags |
|---|---|---|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:07:59.943Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://packetstormsecurity.com/files/140342/Netgear-DGN2200-DGND3700-WNDR4500-Information-Disclosure.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WNDR4500",
"vendor": "Netgear",
"versions": [
{
"status": "affected",
"version": "V1.0.1.40_1.0.6877"
}
]
}
],
"datePublic": "2017-01-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "There are few web pages associated with the genie app on the Netgear WNDR4500 running firmware version V1.0.1.40_1.0.6877. Genie app adds some capabilities over the Web GUI and can be accessed even when you are away from home. A remote attacker can access genie_ping.htm or genie_ping2.htm or genie_ping3.htm page without authentication. Once accessed, the page will be redirected to the aCongratulations2.htma page, which reveals some sensitive information such as 2.4GHz \u0026 5GHz Wireless Network Name (SSID) and Network Key (Password) in clear text."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-319",
"description": "CWE-319",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-07-24T14:57:01",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://packetstormsecurity.com/files/140342/Netgear-DGN2200-DGND3700-WNDR4500-Information-Disclosure.html"
}
],
"solutions": [
{
"lang": "en",
"value": "Netgear has released firmware version 1.0.0.52 for DGN2200 \u0026 1.0.0.28 for DGND3700 to address this issue."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Netgear WNDR4500 running firmware version V1.0.1.40_1.0.6877 reveals some sensitive information such as 2.4GHz \u0026 5GHz Wireless Network Name (SSID) and Network Key (Password) in clear text",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2016-5638",
"STATE": "PUBLIC",
"TITLE": "Netgear WNDR4500 running firmware version V1.0.1.40_1.0.6877 reveals some sensitive information such as 2.4GHz \u0026 5GHz Wireless Network Name (SSID) and Network Key (Password) in clear text"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WNDR4500",
"version": {
"version_data": [
{
"affected": "=",
"version_affected": "=",
"version_name": "V1.0.1.40_1.0.6877",
"version_value": "V1.0.1.40_1.0.6877"
}
]
}
}
]
},
"vendor_name": "Netgear"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "There are few web pages associated with the genie app on the Netgear WNDR4500 running firmware version V1.0.1.40_1.0.6877. Genie app adds some capabilities over the Web GUI and can be accessed even when you are away from home. A remote attacker can access genie_ping.htm or genie_ping2.htm or genie_ping3.htm page without authentication. Once accessed, the page will be redirected to the aCongratulations2.htma page, which reveals some sensitive information such as 2.4GHz \u0026 5GHz Wireless Network Name (SSID) and Network Key (Password) in clear text."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-319"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://packetstormsecurity.com/files/140342/Netgear-DGN2200-DGND3700-WNDR4500-Information-Disclosure.html",
"refsource": "MISC",
"url": "https://packetstormsecurity.com/files/140342/Netgear-DGN2200-DGND3700-WNDR4500-Information-Disclosure.html"
}
]
},
"solution": [
{
"lang": "en",
"value": "Netgear has released firmware version 1.0.0.52 for DGN2200 \u0026 1.0.0.28 for DGND3700 to address this issue."
}
],
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2016-5638",
"datePublished": "2018-07-24T15:00:00",
"dateReserved": "2016-06-16T00:00:00",
"dateUpdated": "2024-08-06T01:07:59.943Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-5649 (GCVE-0-2016-5649)
Vulnerability from cvelistv5
Published
2018-07-24 15:00
Modified
2024-08-06 01:08
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
A vulnerability is in the 'BSW_cxttongr.htm' page of the Netgear DGN2200, version DGN2200-V1.0.0.50_7.0.50, and DGND3700, version DGND3700-V1.0.0.17_1.0.17, which can allow a remote attacker to access this page without any authentication. When processed, it exposes the admin password in clear text before it gets redirected to absw_vfysucc.cgia. An attacker can use this password to gain administrator access to the targeted router's web interface.
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:08:00.436Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://packetstormsecurity.com/files/140342/Netgear-DGN2200-DGND3700-WNDR4500-Information-Disclosure.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/152675/Netgear-DGN2200-DGND3700-Admin-Password-Disclosure.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "DGN2200",
"vendor": "Netgear",
"versions": [
{
"status": "affected",
"version": "DGN2200-V1.0.0.50_7.0.50"
}
]
},
{
"product": "DGND3700",
"vendor": "Netgear",
"versions": [
{
"status": "affected",
"version": "DGND3700-V1.0.0.17_1.0.17"
}
]
}
],
"datePublic": "2017-01-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability is in the \u0027BSW_cxttongr.htm\u0027 page of the Netgear DGN2200, version DGN2200-V1.0.0.50_7.0.50, and DGND3700, version DGND3700-V1.0.0.17_1.0.17, which can allow a remote attacker to access this page without any authentication. When processed, it exposes the admin password in clear text before it gets redirected to absw_vfysucc.cgia. An attacker can use this password to gain administrator access to the targeted router\u0027s web interface."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-319",
"description": "CWE-319",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-04-30T17:06:08",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://packetstormsecurity.com/files/140342/Netgear-DGN2200-DGND3700-WNDR4500-Information-Disclosure.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/152675/Netgear-DGN2200-DGND3700-Admin-Password-Disclosure.html"
}
],
"solutions": [
{
"lang": "en",
"value": "Netgear has released firmware version 1.0.0.52 for DGN2200 \u0026 1.0.0.28 for DGND3700 to address this issue."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Netgear DGN2200 and DGND3700 disclose the administrator password",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2016-5649",
"STATE": "PUBLIC",
"TITLE": "Netgear DGN2200 and DGND3700 disclose the administrator password"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "DGN2200",
"version": {
"version_data": [
{
"affected": "=",
"version_affected": "=",
"version_name": "DGN2200-V1.0.0.50_7.0.50",
"version_value": "DGN2200-V1.0.0.50_7.0.50"
}
]
}
},
{
"product_name": "DGND3700",
"version": {
"version_data": [
{
"affected": "=",
"version_affected": "=",
"version_name": "DGND3700-V1.0.0.17_1.0.17",
"version_value": "DGND3700-V1.0.0.17_1.0.17"
}
]
}
}
]
},
"vendor_name": "Netgear"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability is in the \u0027BSW_cxttongr.htm\u0027 page of the Netgear DGN2200, version DGN2200-V1.0.0.50_7.0.50, and DGND3700, version DGND3700-V1.0.0.17_1.0.17, which can allow a remote attacker to access this page without any authentication. When processed, it exposes the admin password in clear text before it gets redirected to absw_vfysucc.cgia. An attacker can use this password to gain administrator access to the targeted router\u0027s web interface."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-319"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://packetstormsecurity.com/files/140342/Netgear-DGN2200-DGND3700-WNDR4500-Information-Disclosure.html",
"refsource": "MISC",
"url": "https://packetstormsecurity.com/files/140342/Netgear-DGN2200-DGND3700-WNDR4500-Information-Disclosure.html"
},
{
"name": "http://packetstormsecurity.com/files/152675/Netgear-DGN2200-DGND3700-Admin-Password-Disclosure.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/152675/Netgear-DGN2200-DGND3700-Admin-Password-Disclosure.html"
}
]
},
"solution": [
{
"lang": "en",
"value": "Netgear has released firmware version 1.0.0.52 for DGN2200 \u0026 1.0.0.28 for DGND3700 to address this issue."
}
],
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2016-5649",
"datePublished": "2018-07-24T15:00:00",
"dateReserved": "2016-06-16T00:00:00",
"dateUpdated": "2024-08-06T01:08:00.436Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-8444 (GCVE-0-2017-8444)
Vulnerability from cvelistv5
Published
2017-09-28 19:00
Modified
2024-08-05 16:34
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-319 - Cleartext Transmission of Sensitive Information
Summary
The client-forwarder in Elastic Cloud Enterprise versions prior to 1.0.2 do not properly encrypt traffic to ZooKeeper. If an attacker is able to man in the middle (MITM) the traffic between the client-forwarder and ZooKeeper they could potentially obtain sensitive data.
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Elastic | Elastic Cloud Enterprise |
Version: 1.0.0 and 1.0.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:34:22.949Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://discuss.elastic.co/t/elastic-cloud-enterprise-1-0-2-security-update/100247"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Elastic Cloud Enterprise",
"vendor": "Elastic",
"versions": [
{
"status": "affected",
"version": "1.0.0 and 1.0.1"
}
]
}
],
"datePublic": "2017-09-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The client-forwarder in Elastic Cloud Enterprise versions prior to 1.0.2 do not properly encrypt traffic to ZooKeeper. If an attacker is able to man in the middle (MITM) the traffic between the client-forwarder and ZooKeeper they could potentially obtain sensitive data."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-319",
"description": "CWE-319: Cleartext Transmission of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T18:57:02",
"orgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a",
"shortName": "elastic"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://discuss.elastic.co/t/elastic-cloud-enterprise-1-0-2-security-update/100247"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@elastic.co",
"ID": "CVE-2017-8444",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Elastic Cloud Enterprise",
"version": {
"version_data": [
{
"version_value": "1.0.0 and 1.0.1"
}
]
}
}
]
},
"vendor_name": "Elastic"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The client-forwarder in Elastic Cloud Enterprise versions prior to 1.0.2 do not properly encrypt traffic to ZooKeeper. If an attacker is able to man in the middle (MITM) the traffic between the client-forwarder and ZooKeeper they could potentially obtain sensitive data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-319: Cleartext Transmission of Sensitive Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://discuss.elastic.co/t/elastic-cloud-enterprise-1-0-2-security-update/100247",
"refsource": "MISC",
"url": "https://discuss.elastic.co/t/elastic-cloud-enterprise-1-0-2-security-update/100247"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a",
"assignerShortName": "elastic",
"cveId": "CVE-2017-8444",
"datePublished": "2017-09-28T19:00:00",
"dateReserved": "2017-05-02T00:00:00",
"dateUpdated": "2024-08-05T16:34:22.949Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-9637 (GCVE-0-2017-9637)
Vulnerability from cvelistv5
Published
2018-05-18 13:00
Modified
2024-09-17 00:46
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-319 - Cleartext transmission of sensitive information
Summary
Schneider Electric Ampla MES 6.4 provides capability to interact with data from third party databases. When connectivity to those databases is configured to use a SQL user name and password, an attacker may be able to sniff details from the connection string. Schneider Electric recommends that users of Ampla MES versions 6.4 and prior should upgrade to Ampla MES version 6.5 as soon as possible.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Schneider Electric SE | Ampla MES |
Version: versions 6.4 and prior |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:11:02.370Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-187-05"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://software.schneider-electric.com/pdf/security-bulletin/lfsec00000118/"
},
{
"name": "99469",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/99469"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Ampla MES",
"vendor": "Schneider Electric SE",
"versions": [
{
"status": "affected",
"version": "versions 6.4 and prior"
}
]
}
],
"datePublic": "2017-06-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Schneider Electric Ampla MES 6.4 provides capability to interact with data from third party databases. When connectivity to those databases is configured to use a SQL user name and password, an attacker may be able to sniff details from the connection string. Schneider Electric recommends that users of Ampla MES versions 6.4 and prior should upgrade to Ampla MES version 6.5 as soon as possible."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-319",
"description": "Cleartext transmission of sensitive information CWE-319",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-05-19T09:57:01",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-187-05"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://software.schneider-electric.com/pdf/security-bulletin/lfsec00000118/"
},
{
"name": "99469",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/99469"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2017-06-30T00:00:00",
"ID": "CVE-2017-9637",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Ampla MES",
"version": {
"version_data": [
{
"version_value": "versions 6.4 and prior"
}
]
}
}
]
},
"vendor_name": "Schneider Electric SE"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Schneider Electric Ampla MES 6.4 provides capability to interact with data from third party databases. When connectivity to those databases is configured to use a SQL user name and password, an attacker may be able to sniff details from the connection string. Schneider Electric recommends that users of Ampla MES versions 6.4 and prior should upgrade to Ampla MES version 6.5 as soon as possible."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cleartext transmission of sensitive information CWE-319"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-187-05",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-187-05"
},
{
"name": "http://software.schneider-electric.com/pdf/security-bulletin/lfsec00000118/",
"refsource": "CONFIRM",
"url": "http://software.schneider-electric.com/pdf/security-bulletin/lfsec00000118/"
},
{
"name": "99469",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99469"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2017-9637",
"datePublished": "2018-05-18T13:00:00Z",
"dateReserved": "2017-06-14T00:00:00",
"dateUpdated": "2024-09-17T00:46:48.642Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-0025 (GCVE-0-2018-0025)
Vulnerability from cvelistv5
Published
2018-07-11 18:00
Modified
2024-09-16 17:18
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
When an SRX Series device is configured to use HTTP/HTTPS pass-through authentication services, a client sending authentication credentials in the initial HTTP/HTTPS session is at risk that these credentials may be captured during follow-on HTTP/HTTPS requests by a malicious actor through a man-in-the-middle attack or by authentic servers subverted by malicious actors. FTP, and Telnet pass-through authentication services are not affected. Affected releases are Juniper Networks SRX Series: 12.1X46 versions prior to 12.1X46-D67 on SRX Series; 12.3X48 versions prior to 12.3X48-D25 on SRX Series; 15.1X49 versions prior to 15.1X49-D35 on SRX Series.
References
| ► | URL | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Juniper Networks | Junos OS |
Version: 12.1X46 < 12.1X46-D67 Version: 12.3X48 < 12.3X48-D25 Version: 15.1X49 < 15.1X49-D35 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:14:16.130Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.juniper.net/documentation/en_US/junos/topics/concept/firewall-user-authentication-pass-through-understanding.html"
},
{
"name": "104719",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/104719"
},
{
"name": "1041316",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1041316"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.juniper.net/documentation/en_US/junos/topics/example/security-https-traffic-to-trigger-pass-through-authentication-configuring.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.juniper.net/documentation/en_US/junos/topics/example/firewall-user-authentication-pass-through-configuring-cli.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kb.juniper.net/JSA10858"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"SRX Series"
],
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "12.1X46-D67",
"status": "affected",
"version": "12.1X46",
"versionType": "custom"
},
{
"lessThan": "12.3X48-D25",
"status": "affected",
"version": "12.3X48",
"versionType": "custom"
},
{
"lessThan": "15.1X49-D35",
"status": "affected",
"version": "15.1X49",
"versionType": "custom"
}
]
}
],
"datePublic": "2018-07-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "When an SRX Series device is configured to use HTTP/HTTPS pass-through authentication services, a client sending authentication credentials in the initial HTTP/HTTPS session is at risk that these credentials may be captured during follow-on HTTP/HTTPS requests by a malicious actor through a man-in-the-middle attack or by authentic servers subverted by malicious actors. FTP, and Telnet pass-through authentication services are not affected. Affected releases are Juniper Networks SRX Series: 12.1X46 versions prior to 12.1X46-D67 on SRX Series; 12.3X48 versions prior to 12.3X48-D25 on SRX Series; 15.1X49 versions prior to 15.1X49-D35 on SRX Series."
}
],
"exploits": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-319",
"description": "CWE-319: Cleartext Transmission of Sensitive Information.",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-300",
"description": "CWE-300: Channel Accessible by Non-Endpoint (\u0027Man-in-the-Middle\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-07-27T09:57:01",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.juniper.net/documentation/en_US/junos/topics/concept/firewall-user-authentication-pass-through-understanding.html"
},
{
"name": "104719",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/104719"
},
{
"name": "1041316",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1041316"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.juniper.net/documentation/en_US/junos/topics/example/security-https-traffic-to-trigger-pass-through-authentication-configuring.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.juniper.net/documentation/en_US/junos/topics/example/firewall-user-authentication-pass-through-configuring-cli.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kb.juniper.net/JSA10858"
}
],
"solutions": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: Junos OS:12.1X46-D67, 12.3X48-D25, 15.1X49-D35, 17.3R1 all subsequent releases."
}
],
"source": {
"advisory": "JSA10858",
"defect": [
"1122278"
],
"discovery": "USER"
},
"title": "Junos OS: SRX Series: Credentials exposed when using HTTP and HTTPS Firewall Pass-through User Authentication",
"workarounds": [
{
"lang": "en",
"value": "1. Discontinue use of HTTP/HTTPS Pass-through Firewall User Authentication\n \n2. Use web-redirect when using Pass-through Firewall User Authentication\n\nExample: \nset security policies from-zone * to-zone * policy * then permit firewall-authentication pass-through web-redirect\n\nFor additional configuration guidance, customers should contact JTAC Support."
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2018-07-11T16:00:00.000Z",
"ID": "CVE-2018-0025",
"STATE": "PUBLIC",
"TITLE": "Junos OS: SRX Series: Credentials exposed when using HTTP and HTTPS Firewall Pass-through User Authentication"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"affected": "\u003c",
"platform": "SRX Series",
"version_affected": "\u003c",
"version_name": "12.1X46",
"version_value": "12.1X46-D67"
},
{
"affected": "\u003c",
"platform": "SRX Series",
"version_affected": "\u003c",
"version_name": "12.3X48",
"version_value": "12.3X48-D25"
},
{
"affected": "\u003c",
"platform": "SRX Series",
"version_affected": "\u003c",
"version_name": "15.1X49",
"version_value": "15.1X49-D35"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "When an SRX Series device is configured to use HTTP/HTTPS pass-through authentication services, a client sending authentication credentials in the initial HTTP/HTTPS session is at risk that these credentials may be captured during follow-on HTTP/HTTPS requests by a malicious actor through a man-in-the-middle attack or by authentic servers subverted by malicious actors. FTP, and Telnet pass-through authentication services are not affected. Affected releases are Juniper Networks SRX Series: 12.1X46 versions prior to 12.1X46-D67 on SRX Series; 12.3X48 versions prior to 12.3X48-D25 on SRX Series; 15.1X49 versions prior to 15.1X49-D35 on SRX Series."
}
]
},
"exploit": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-319: Cleartext Transmission of Sensitive Information."
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-300: Channel Accessible by Non-Endpoint (\u0027Man-in-the-Middle\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.juniper.net/documentation/en_US/junos/topics/concept/firewall-user-authentication-pass-through-understanding.html",
"refsource": "MISC",
"url": "https://www.juniper.net/documentation/en_US/junos/topics/concept/firewall-user-authentication-pass-through-understanding.html"
},
{
"name": "104719",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104719"
},
{
"name": "1041316",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041316"
},
{
"name": "https://www.juniper.net/documentation/en_US/junos/topics/example/security-https-traffic-to-trigger-pass-through-authentication-configuring.html",
"refsource": "MISC",
"url": "https://www.juniper.net/documentation/en_US/junos/topics/example/security-https-traffic-to-trigger-pass-through-authentication-configuring.html"
},
{
"name": "https://www.juniper.net/documentation/en_US/junos/topics/example/firewall-user-authentication-pass-through-configuring-cli.html",
"refsource": "MISC",
"url": "https://www.juniper.net/documentation/en_US/junos/topics/example/firewall-user-authentication-pass-through-configuring-cli.html"
},
{
"name": "https://kb.juniper.net/JSA10858",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA10858"
}
]
},
"solution": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: Junos OS:12.1X46-D67, 12.3X48-D25, 15.1X49-D35, 17.3R1 all subsequent releases."
}
],
"source": {
"advisory": "JSA10858",
"defect": [
"1122278"
],
"discovery": "USER"
},
"work_around": [
{
"lang": "en",
"value": "1. Discontinue use of HTTP/HTTPS Pass-through Firewall User Authentication\n \n2. Use web-redirect when using Pass-through Firewall User Authentication\n\nExample: \nset security policies from-zone * to-zone * policy * then permit firewall-authentication pass-through web-redirect\n\nFor additional configuration guidance, customers should contact JTAC Support."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2018-0025",
"datePublished": "2018-07-11T18:00:00Z",
"dateReserved": "2017-11-16T00:00:00",
"dateUpdated": "2024-09-16T17:18:55.431Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-10634 (GCVE-0-2018-10634)
Vulnerability from cvelistv5
Published
2018-08-13 22:00
Modified
2025-05-22 16:28
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-319 - Cleartext Transmission of Sensitive Information
Summary
Communications between Medtronic MiniMed MMT pumps and wireless accessories are transmitted in cleartext. A sufficiently skilled attacker could capture these transmissions and extract sensitive information, such as device serial numbers.
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ► | Medtronic | MMT- 508 - MiniMed pump |
Version: All versions |
||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:46:46.358Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-219-02"
},
{
"name": "105044",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/105044"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "MMT- 508 - MiniMed pump",
"vendor": "Medtronic",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MMT \u2013 511 pump Paradigm",
"vendor": "Medtronic",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MMT \u2013 512 / MMT \u2013 712 Paradigm x12",
"vendor": "Medtronic",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MMT \u2013 515 / MMT \u2013 715 Paradigm x15",
"vendor": "Medtronic",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MMT \u2013 522 / MMT \u2013 722 Paradigm REAL-TIME",
"vendor": "Medtronic",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MMT \u2013 522(K) / MMT \u2013 722(K) Paradigm REAL-TIME",
"vendor": "Medtronic",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MMT \u2013 523 / MMT \u2013 723 Paradigm Revel",
"vendor": "Medtronic",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MMT \u2013 523(K) / MMT \u2013 723(K) Paradigm",
"vendor": "Medtronic",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MMT \u2013 554 / MMT \u2013 754 MiniMed Veo",
"vendor": "Medtronic",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MMT \u2013 551 / MMT \u2013 751 MiniMed 530G",
"vendor": "Medtronic",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Billy Rios, Jesse Young, and Jonathan Butts of Whitescope LLC reported these vulnerabilities to CISA."
}
],
"datePublic": "2018-08-08T06:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eCommunications between Medtronic MiniMed MMT pumps and wireless accessories are transmitted in cleartext. A sufficiently skilled attacker could capture these transmissions and extract sensitive information, such as device serial numbers.\u003c/span\u003e\n\n\u003c/p\u003e"
}
],
"value": "Communications between Medtronic MiniMed MMT pumps and wireless accessories are transmitted in cleartext. A sufficiently skilled attacker could capture these transmissions and extract sensitive information, such as device serial numbers."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-319",
"description": "CWE-319 Cleartext Transmission of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-22T16:28:03.155Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://global.medtronic.com/xg-en/product-security/security-bulletins/minimed.html"
},
{
"name": "105044",
"url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-219-02"
},
{
"tags": [
"vdb-entry"
],
"url": "http://www.securityfocus.com/bid/105044"
}
],
"source": {
"advisory": "ICSMA-18-219-02",
"discovery": "EXTERNAL"
},
"title": "Medtronic MiniMed MMT-500/MMT-503 Remote Controllers Cleartext Transmission of Sensitive Information",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe remote option is turned off in the pump by default. \u0026nbsp;\u003c/p\u003e\u003cp\u003eMedtronic is directing all users to stop using their remote controllers, disable the remote option on their insulin pump, and to return the remote controllers to Medtronic. \u003c/p\u003e\u003cp\u003eMedtronic has released \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.medtronic.com/security\"\u003eadditional patient focused information\u003c/a\u003e.\u003c/p\u003e\u003cp\u003eAdditionally, Medtronic will be sending a letter to patients who may still be actively using the remotes in order to inform patients about these security risks, and request patients stop using the remote and return them to Medtronic. \u003c/p\u003e"
}
],
"value": "The remote option is turned off in the pump by default. \u00a0\n\nMedtronic is directing all users to stop using their remote controllers, disable the remote option on their insulin pump, and to return the remote controllers to Medtronic. \n\nMedtronic has released additional patient focused information https://www.medtronic.com/security .\n\nAdditionally, Medtronic will be sending a letter to patients who may still be actively using the remotes in order to inform patients about these security risks, and request patients stop using the remote and return them to Medtronic."
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2018-08-08T00:00:00",
"ID": "CVE-2018-10634",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Medtronic insulin pump",
"version": {
"version_data": [
{
"version_value": "MMT 508 MiniMed insulin pump, 522 / MMT - 722 Paradigm REAL-TIME, 523 / MMT - 723 Paradigm Revel, 523K / MMT - 723K Paradigm Revel, and 551 / MMT - 751 MiniMed 530G"
}
]
}
}
]
},
"vendor_name": "ICS-CERT"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Medtronic MMT 508 MiniMed insulin pump, 522 / MMT - 722 Paradigm REAL-TIME, 523 / MMT - 723 Paradigm Revel, 523K / MMT - 723K Paradigm Revel, and 551 / MMT - 751 MiniMed 530G communications between the pump and wireless accessories are transmitted in cleartext. A sufficiently skilled attacker could capture these transmissions and extract sensitive information, such as device serial numbers."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CLEARTEXT TRANSMISSION OF SENSITIVE INFORMATION CWE-319"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-219-02",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-219-02"
},
{
"name": "105044",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105044"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2018-10634",
"datePublished": "2018-08-13T22:00:00Z",
"dateReserved": "2018-05-01T00:00:00",
"dateUpdated": "2025-05-22T16:28:03.155Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-14627 (GCVE-0-2018-14627)
Vulnerability from cvelistv5
Published
2018-09-04 12:00
Modified
2024-08-05 09:29
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
The IIOP OpenJDK Subsystem in WildFly before version 14.0.0 does not honour configuration when SSL transport is required. Servers before this version that are configured with the following setting allow clients to create plaintext connections: <transport-config confidentiality="required" trust-in-target="supported"/>
References
| ► | URL | Tags | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| [UNKNOWN] | JBoss/WildFly |
Version: 14.0.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T09:29:51.696Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14627"
},
{
"name": "RHSA-2018:3528",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3528"
},
{
"name": "RHSA-2018:3527",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3527"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://issues.jboss.org/browse/WFLY-9107"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20181221-0002/"
},
{
"name": "RHSA-2018:3595",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3595"
},
{
"name": "RHSA-2018:3529",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3529"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "JBoss/WildFly",
"vendor": "[UNKNOWN]",
"versions": [
{
"status": "affected",
"version": "14.0.0"
}
]
}
],
"datePublic": "2017-07-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The IIOP OpenJDK Subsystem in WildFly before version 14.0.0 does not honour configuration when SSL transport is required. Servers before this version that are configured with the following setting allow clients to create plaintext connections: \u003ctransport-config confidentiality=\"required\" trust-in-target=\"supported\"/\u003e"
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-319",
"description": "CWE-319",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-12-22T10:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14627"
},
{
"name": "RHSA-2018:3528",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3528"
},
{
"name": "RHSA-2018:3527",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3527"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://issues.jboss.org/browse/WFLY-9107"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20181221-0002/"
},
{
"name": "RHSA-2018:3595",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3595"
},
{
"name": "RHSA-2018:3529",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3529"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2018-14627",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "JBoss/WildFly",
"version": {
"version_data": [
{
"version_value": "14.0.0"
}
]
}
}
]
},
"vendor_name": "[UNKNOWN]"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The IIOP OpenJDK Subsystem in WildFly before version 14.0.0 does not honour configuration when SSL transport is required. Servers before this version that are configured with the following setting allow clients to create plaintext connections: \u003ctransport-config confidentiality=\"required\" trust-in-target=\"supported\"/\u003e"
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "5.3/CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-319"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14627",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14627"
},
{
"name": "RHSA-2018:3528",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3528"
},
{
"name": "RHSA-2018:3527",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3527"
},
{
"name": "https://issues.jboss.org/browse/WFLY-9107",
"refsource": "CONFIRM",
"url": "https://issues.jboss.org/browse/WFLY-9107"
},
{
"name": "https://security.netapp.com/advisory/ntap-20181221-0002/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20181221-0002/"
},
{
"name": "RHSA-2018:3595",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3595"
},
{
"name": "RHSA-2018:3529",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3529"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2018-14627",
"datePublished": "2018-09-04T12:00:00",
"dateReserved": "2018-07-27T00:00:00",
"dateUpdated": "2024-08-05T09:29:51.696Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-19944 (GCVE-0-2018-19944)
Vulnerability from cvelistv5
Published
2020-12-31 16:33
Modified
2024-09-17 02:11
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
A cleartext transmission of sensitive information vulnerability has been reported to affect certain QTS devices. If exploited, this vulnerability allows a remote attacker to gain access to sensitive information. QNAP have already fixed this vulnerability in the following versions: QTS 4.4.3.1354 build 20200702 (and later)
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| QNAP Systems Inc. | QTS |
Version: unspecified < 4.4.3.1354 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:51:17.673Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.qnap.com/zh-tw/security-advisory/qsa-20-22"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"build 20200702"
],
"product": "QTS",
"vendor": "QNAP Systems Inc.",
"versions": [
{
"lessThan": "4.4.3.1354",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Independent Security Evaluators"
}
],
"datePublic": "2020-12-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A cleartext transmission of sensitive information vulnerability has been reported to affect certain QTS devices. If exploited, this vulnerability allows a remote attacker to gain access to sensitive information. QNAP have already fixed this vulnerability in the following versions: QTS 4.4.3.1354 build 20200702 (and later)"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-311",
"description": "CWE-311 Missing Encryption of Sensitive Data",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-319",
"description": "CWE-319 Cleartext Transmission of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-12-31T16:33:27",
"orgId": "2fd009eb-170a-4625-932b-17a53af1051f",
"shortName": "qnap"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.qnap.com/zh-tw/security-advisory/qsa-20-22"
}
],
"solutions": [
{
"lang": "en",
"value": "QNAP have already fixed this vulnerability in the following versions:\nQTS 4.4.3.1354 build 20200702 (and later)"
}
],
"source": {
"advisory": "QSA-20-22",
"discovery": "EXTERNAL"
},
"title": "Cleartext Transmission of Sensitive Information in SNMP",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@qnap.com",
"DATE_PUBLIC": "2020-12-30T02:55:00.000Z",
"ID": "CVE-2018-19944",
"STATE": "PUBLIC",
"TITLE": "Cleartext Transmission of Sensitive Information in SNMP"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "QTS",
"version": {
"version_data": [
{
"platform": "build 20200702",
"version_affected": "\u003c",
"version_value": "4.4.3.1354"
}
]
}
}
]
},
"vendor_name": "QNAP Systems Inc."
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Independent Security Evaluators"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A cleartext transmission of sensitive information vulnerability has been reported to affect certain QTS devices. If exploited, this vulnerability allows a remote attacker to gain access to sensitive information. QNAP have already fixed this vulnerability in the following versions: QTS 4.4.3.1354 build 20200702 (and later)"
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-311 Missing Encryption of Sensitive Data"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-319 Cleartext Transmission of Sensitive Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.qnap.com/zh-tw/security-advisory/qsa-20-22",
"refsource": "MISC",
"url": "https://www.qnap.com/zh-tw/security-advisory/qsa-20-22"
}
]
},
"solution": [
{
"lang": "en",
"value": "QNAP have already fixed this vulnerability in the following versions:\nQTS 4.4.3.1354 build 20200702 (and later)"
}
],
"source": {
"advisory": "QSA-20-22",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "2fd009eb-170a-4625-932b-17a53af1051f",
"assignerShortName": "qnap",
"cveId": "CVE-2018-19944",
"datePublished": "2020-12-31T16:33:27.820049Z",
"dateReserved": "2018-12-07T00:00:00",
"dateUpdated": "2024-09-17T02:11:00.534Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-5401 (GCVE-0-2018-5401)
Vulnerability from cvelistv5
Published
2018-10-08 15:00
Modified
2024-09-17 03:37
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-319 - Cleartext Transmission of Sensitive Information
Summary
The Auto-Maskin DCU 210E, RP-210E, and Marine Pro Observer Android App transmit sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors. The devices transmit process control information via unencrypted Modbus communications. Impact: An attacker can exploit this vulnerability to observe information about configurations, settings, what sensors are present and in use, and other information to aid in crafting spoofed messages. Requires access to the network. Affected releases are Auto-Maskin DCU-210E, RP-210E, and Marine Pro Observer Android App. Versions prior to 3.7 on ARMv7.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ► | Auto-Maskin | DCU-210E |
Version: 3.7 < 3.7 |
|||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T05:33:44.365Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VU#176301",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "https://www.kb.cert.org/vuls/id/176301"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-051-04"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"ARMv7"
],
"product": "DCU-210E",
"vendor": "Auto-Maskin",
"versions": [
{
"lessThan": "3.7",
"status": "affected",
"version": "3.7",
"versionType": "custom"
}
]
},
{
"platforms": [
"ARMv7"
],
"product": "RP-210E",
"vendor": "Auto-Maskin",
"versions": [
{
"lessThan": "3.7",
"status": "affected",
"version": "3.7",
"versionType": "custom"
}
]
},
{
"platforms": [
"android"
],
"product": "Marine Pro Observer Android App",
"vendor": "Auto-Maskin",
"versions": [
{
"status": "unknown",
"version": "0.1"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Reporters: Brian Satira, Brian Olson, Organization: Project Gunsway"
}
],
"datePublic": "2018-10-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Auto-Maskin DCU 210E, RP-210E, and Marine Pro Observer Android App transmit sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors. The devices transmit process control information via unencrypted Modbus communications. Impact: An attacker can exploit this vulnerability to observe information about configurations, settings, what sensors are present and in use, and other information to aid in crafting spoofed messages. Requires access to the network. Affected releases are Auto-Maskin DCU-210E, RP-210E, and Marine Pro Observer Android App. Versions prior to 3.7 on ARMv7."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-319",
"description": "CWE-319: Cleartext Transmission of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-24T14:50:24",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "VU#176301",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "https://www.kb.cert.org/vuls/id/176301"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-051-04"
}
],
"solutions": [
{
"lang": "en",
"value": "The devices should implement Modbus TCP Security Protocol (v21, 2018) per Modbus specifications over port 802 TCP, for Modbus TCP with encryption and authentication."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "The Auto-Maskin DCU 210E, RP-210E, and Marine Pro Observer Android App transmit sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"DATE_PUBLIC": "2018-10-01T04:00:00.000Z",
"ID": "CVE-2018-5401",
"STATE": "PUBLIC",
"TITLE": "The Auto-Maskin DCU 210E, RP-210E, and Marine Pro Observer Android App transmit sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "DCU-210E",
"version": {
"version_data": [
{
"affected": "\u003c",
"platform": "ARMv7",
"version_affected": "\u003c",
"version_name": "3.7",
"version_value": "3.7"
}
]
}
},
{
"product_name": "RP-210E",
"version": {
"version_data": [
{
"affected": "\u003c",
"platform": "ARMv7",
"version_affected": "\u003c",
"version_name": "3.7",
"version_value": "3.7"
}
]
}
},
{
"product_name": "Marine Pro Observer Android App",
"version": {
"version_data": [
{
"affected": "?",
"platform": "android",
"version_affected": "?",
"version_value": "0.1"
}
]
}
}
]
},
"vendor_name": "Auto-Maskin"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Reporters: Brian Satira, Brian Olson, Organization: Project Gunsway"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Auto-Maskin DCU 210E, RP-210E, and Marine Pro Observer Android App transmit sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors. The devices transmit process control information via unencrypted Modbus communications. Impact: An attacker can exploit this vulnerability to observe information about configurations, settings, what sensors are present and in use, and other information to aid in crafting spoofed messages. Requires access to the network. Affected releases are Auto-Maskin DCU-210E, RP-210E, and Marine Pro Observer Android App. Versions prior to 3.7 on ARMv7."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-319: Cleartext Transmission of Sensitive Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#176301",
"refsource": "CERT-VN",
"url": "https://www.kb.cert.org/vuls/id/176301"
},
{
"name": "https://www.us-cert.gov/ics/advisories/icsa-20-051-04",
"refsource": "MISC",
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-051-04"
}
]
},
"solution": [
{
"lang": "en",
"value": "The devices should implement Modbus TCP Security Protocol (v21, 2018) per Modbus specifications over port 802 TCP, for Modbus TCP with encryption and authentication."
}
],
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2018-5401",
"datePublished": "2018-10-08T15:00:00Z",
"dateReserved": "2018-01-12T00:00:00",
"dateUpdated": "2024-09-17T03:37:46.527Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Mitigation
Phase: Architecture and Design
Description:
- Before transmitting, encrypt the data using reliable, confidentiality-protecting cryptographic protocols.
Mitigation
Phase: Implementation
Description:
- When using web applications with SSL, use SSL for the entire session from login to logout, not just for the initial login page.
Mitigation
Phase: Implementation
Description:
- When designing hardware platforms, ensure that approved encryption algorithms (such as those recommended by NIST) protect paths from security critical data to trusted user applications.
Mitigation
Phase: Testing
Description:
- Use tools and techniques that require manual (human) analysis, such as penetration testing, threat modeling, and interactive tools that allow the tester to record and modify an active session. These may be more effective than strictly automated techniques. This is especially the case with weaknesses that are related to design and business rules.
Mitigation
Phase: Operation
Description:
- Configure servers to use encrypted channels for communication, which may include SSL or other secure protocols.
CAPEC-102: Session Sidejacking
Session sidejacking takes advantage of an unencrypted communication channel between a victim and target system. The attacker sniffs traffic on a network looking for session tokens in unencrypted traffic. Once a session token is captured, the attacker performs malicious actions by using the stolen token with the targeted application to impersonate the victim. This attack is a specific method of session hijacking, which is exploiting a valid session token to gain unauthorized access to a target system or information. Other methods to perform a session hijacking are session fixation, cross-site scripting, or compromising a user or server machine and stealing the session token.
CAPEC-117: Interception
An adversary monitors data streams to or from the target for information gathering purposes. This attack may be undertaken to solely gather sensitive information or to support a further attack against the target. This attack pattern can involve sniffing network traffic as well as other types of data streams (e.g. radio). The adversary can attempt to initiate the establishment of a data stream or passively observe the communications as they unfold. In all variants of this attack, the adversary is not the intended recipient of the data stream. In contrast to other means of gathering information (e.g., targeting data leaks), the adversary must actively position themself so as to observe explicit data channels (e.g. network traffic) and read the content. However, this attack differs from a Adversary-In-the-Middle (CAPEC-94) attack, as the adversary does not alter the content of the communications nor forward data to the intended recipient.
CAPEC-383: Harvesting Information via API Event Monitoring
An adversary hosts an event within an application framework and then monitors the data exchanged during the course of the event for the purpose of harvesting any important data leaked during the transactions. One example could be harvesting lists of usernames or userIDs for the purpose of sending spam messages to those users. One example of this type of attack involves the adversary creating an event within the sub-application. Assume the adversary hosts a "virtual sale" of rare items. As other users enter the event, the attacker records via AiTM (CAPEC-94) proxy the user_ids and usernames of everyone who attends. The adversary would then be able to spam those users within the application using an automated script.
CAPEC-477: Signature Spoofing by Mixing Signed and Unsigned Content
An attacker exploits the underlying complexity of a data structure that allows for both signed and unsigned content, to cause unsigned data to be processed as though it were signed data.
CAPEC-65: Sniff Application Code
An adversary passively sniffs network communications and captures application code bound for an authorized client. Once obtained, they can use it as-is, or through reverse-engineering glean sensitive information or exploit the trust relationship between the client and server. Such code may belong to a dynamic update to the client, a patch being applied to a client component or any such interaction where the client is authorized to communicate with the server.