CVE-2024-12057

LOW Year: 2024
Weakness Type
CWE-532
View all →

Vulnerability Description

User credentials (login & password) are inserted into log files when a user tries to authenticate using a version of a Web client that is not compatible with that of the PcVue Web back end. By exploiting this vulnerability, an attacker could retrieve the credentials of a user by accessing the Log File. Successful exploitation of this vulnerability could lead to unauthorized access to the application.

Related Vulnerabilities

CVE-2016-2943

LOW
CVSS:1.9(Low)

IBM BigFix Remote Control before 9.1.3 allows local users to obtain sensitive information by leveraging unspecified privileges to read a log file.

CWE-5322016

CVE-2021-32724

CRITICAL
CVSS:9.9(Critical)

check-spelling is a github action which provides CI spell checking. In affected versions and for a repository with the [check-spelling action](https://github.com/marketplace/actions/check-spelling) en...

CWE-5322021

CVE-2022-36407

CRITICAL
CVSS:9.9(Critical)

Insertion of Sensitive Information into Log File vulnerability in Hitachi Virtual Storage Platform, Hitachi Virtual Storage Platform VP9500, Hitachi Virtual Storage Platform G1000, G1500, Hitachi Virt...

CWE-5322022

CVE-2016-8233

CRITICAL
CVSS:9.8(Critical)

Log files generated by Lenovo XClarity Administrator (LXCA) versions earlier than 1.2.2 may contain user credentials in a non-secure, clear text form that could be viewed by a non-privileged user.

CWE-5322016

CVE-2017-1000171

CRITICAL
CVSS:9.8(Critical)

Mahara Mobile before 1.2.1 is vulnerable to passwords being sent to the Mahara access log in plain text.

CWE-5322017

CVE-2017-15366

CRITICAL
CVSS:9.8(Critical)

Before Thornberry NDoc version 8.0, laptop clients and the server have default database (Cache) users set up with a single password. This password is left behind in a cleartext log file during client ...

CWE-5322017