SB2020082524 - Plaintext credentials storage in Emerson OpenEnterprise
Published: August 25, 2020
Security Bulletin ID
SB2020082524
Severity
Low
Patch available
NO
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Information disclosure
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Unprotected storage of credentials (CVE-ID: CVE-2020-16235)
The vulnerability allows a local user to gain access to other users' credentials.
The vulnerability exists due to application stored credentials in plain text in a configuration file on the system. A local user can view contents of the configuration file and gain access to passwords for 3rd party integration.
Remediation
Cybersecurity Help is not aware of any official remediation provided by the vendor.