CVE-2019-13421
N/A
N/A
Summary
Search Guard versions before 23.1 had an issue that an administrative user is able to retrieve bcrypt password hashes of other users configured in the internal user database.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| floragunn | Search Guard | unspecified < 23.1 | affected |
Weaknesses
- CWE-522: CWE-522: Insufficiently Protected Credentials
ADP Enrichment
CVE Program Container
Additional References
- https://search-guard.com/cve-advisory/
- https://docs.search-guard.com/6.x-23/changelog-searchguard-6-x-23_1
- https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SySS-2018-025.txt
References
- https://search-guard.com/cve-advisory/
- https://docs.search-guard.com/6.x-23/changelog-searchguard-6-x-23_1
- https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SySS-2018-025.txt
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.