CVE-2019-0032
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
Summary
A password management issue exists where the Organization authentication username and password were stored in plaintext in log files. A locally authenticated attacker who is able to access these stored plaintext credentials can use them to login to the Organization. Affected products are: Juniper Networks Service Insight versions from 15.1R1, prior to 18.1R1. Service Now versions from 15.1R1, prior to 18.1R1.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Juniper Networks | Service Insight | 15.1R1 < unspecified | affected |
| Juniper Networks | Service Insight | unspecified < 18.1R1 | affected |
| Juniper Networks | Service Now | 15.1R1 < unspecified | affected |
| Juniper Networks | Service Now | unspecified < 18.1R1 | affected |
Weaknesses
- CWE-256: CWE-256 Unprotected Storage of Credentials
Workarounds
There are no workarounds for this issue. To reduce the risk of exploitation of this issue use access lists or firewall filters to limit access to the device(s) via all means to only trusted administrative networks, hosts and users.
ADP Enrichment
CVE Program Container
Additional References
- https://kb.juniper.net/JSA10921
- https://kb.juniper.net/KB27572
- http://www.securityfocus.com/bid/107885
References
- https://kb.juniper.net/JSA10921
- https://kb.juniper.net/KB27572
- http://www.securityfocus.com/bid/107885
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.