CVE-2019-0029

Summary

Juniper ATP Series Splunk credentials are logged in a file readable by authenticated local users. Using these credentials an attacker can access the Splunk server. This issue affects Juniper ATP 5.0 versions prior to 5.0.3.

Affected Software

VendorProductVersion RangeStatus
Juniper NetworksJuniper ATP5.0 < 5.0.3affected

Weaknesses

  • CWE - 256 : Plaintext Storage of a Password

Workarounds

There are no known workarounds for this issue, however limit the access to only trusted administrators from trusted administrative networks or hosts would minimize the risk.

ADP Enrichment

CVE Program Container

Additional References

References