CVE-2019-0032

Summary

A password management issue exists where the Organization authentication username and password were stored in plaintext in log files. A locally authenticated attacker who is able to access these stored plaintext credentials can use them to login to the Organization. Affected products are: Juniper Networks Service Insight versions from 15.1R1, prior to 18.1R1. Service Now versions from 15.1R1, prior to 18.1R1.

Affected Software

VendorProductVersion RangeStatus
Juniper NetworksService Insight15.1R1 < unspecifiedaffected
Juniper NetworksService Insightunspecified < 18.1R1affected
Juniper NetworksService Now15.1R1 < unspecifiedaffected
Juniper NetworksService Nowunspecified < 18.1R1affected

Weaknesses

  • CWE-256: CWE-256 Unprotected Storage of Credentials

Workarounds

There are no workarounds for this issue. To reduce the risk of exploitation of this issue use access lists or firewall filters to limit access to the device(s) via all means to only trusted administrative networks, hosts and users.

ADP Enrichment

CVE Program Container

Additional References

References