CVE-2021-37842

HIGH Year: 2021
CVSS v3 Score
7.5
High
CVSS v2 Score
5.0
Medium
Weakness Type
CWE-312
View all →

Vulnerability Description

metakv in Couchbase Server 7.0.0 uses Cleartext for Storage of Sensitive Information. Remote Cluster XDCR credentials can get leaked in debug logs. Config key tombstone purging was added in Couchbase Server 7.0.0. This issue happens when a config key, which is being logged, has a tombstone purger time-stamp attached to it.

Related Vulnerabilities

CVE-2001-1536

HIGH
CVSS:7.5(High)

Autogalaxy stores usernames and passwords in cleartext in cookies, which makes it easier for remote attackers to obtain authentication information and gain unauthorized access via sniffing or a cross-...

CWE-3122001

CVE-2001-1537

HIGH
CVSS:7.5(High)

The default "basic" security setting' in config.php for TWIG webmail 2.7.4 and earlier stores cleartext usernames and passwords in cookies, which could allow attackers to obtain authentication informa...

CWE-3122001

CVE-2002-1800

HIGH
CVSS:7.5(High)

phpRank 1.8 stores the administrative password in plaintext on the server and in the "ap" cookie, which allows remote attackers to retrieve the administrative password.

CWE-3122002

CVE-2004-2397

HIGH
CVSS:7.5(High)

The web-based Management Console in Blue Coat Security Gateway OS 3.0 through 3.1.3.13 and 3.2.1, when importing a private key, stores the key and its passphrase in plaintext in a log file, which allo...

CWE-3122004

CVE-2005-1828

HIGH
CVSS:7.5(High)

D-Link DSL-504T stores usernames and passwords in cleartext in the router configuration file, which allows remote attackers to obtain sensitive information.

CWE-3122005

CVE-2005-2160

HIGH
CVSS:7.5(High)

IMail stores usernames and passwords in cleartext in a cookie, which allows remote attackers to obtain sensitive information.

CWE-3122005