CVE-2019-13421

Summary

Search Guard versions before 23.1 had an issue that an administrative user is able to retrieve bcrypt password hashes of other users configured in the internal user database.

Affected Software

VendorProductVersion RangeStatus
floragunnSearch Guardunspecified < 23.1affected

Weaknesses

  • CWE-522: CWE-522: Insufficiently Protected Credentials

ADP Enrichment

CVE Program Container

Additional References

References