CVE-2021-3551

HIGH Year: 2021
CVSS v3 Score
7.8
High
CVSS v2 Score
4.4
Medium
Weakness Type
CWE-312
View all →

Vulnerability Description

A flaw was found in the PKI-server, where the spkispawn command, when run in debug mode, stores admin credentials in the installation log file. This flaw allows a local attacker to retrieve the file to obtain the admin password and gain admin privileges to the Dogtag CA manager. The highest threat from this vulnerability is to confidentiality.

Related Vulnerabilities

CVE-2008-6828

HIGH
CVSS:7.8(High)

Symantec Altiris Deployment Solution 6.x before 6.9.355 SP1 stores the Application Identity Account password in memory in cleartext, which allows local users to gain privileges and modify clients of t...

CWE-3122008

CVE-2017-1309

HIGH
CVSS:7.8(High)

IBM InfoSphere Master Data Management Server 11.0 - 11.6 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 125463.

CWE-3122017

CVE-2018-12572

HIGH
CVSS:7.8(High)

Avast Free Antivirus prior to 19.1.2360 stores user credentials in memory upon login, which allows local users to obtain sensitive information by dumping AvastUI.exe application memory and parsing the...

CWE-3122018

CVE-2018-1877

HIGH
CVSS:7.8(High)

IBM Robotic Process Automation with Automation Anywhere 11 could store highly sensitive information in the form of unencrypted passwords that would be available to a local user. IBM X-Force ID: 151713...

CWE-3122018

CVE-2018-19009

HIGH
CVSS:7.8(High)

Pilz PNOZmulti Configurator prior to version 10.9 allows an authenticated attacker with local access to the system containing the PNOZmulti Configurator software to view sensitive credential data in c...

CWE-3122018

CVE-2019-10453

HIGH
CVSS:7.8(High)

Jenkins Delphix Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.

CWE-3122019