Home > Vulnerability Database > CVE-2021-3130

Mend.io Vulnerability Database

CVE-2021-3130

Date: January 20, 2021

Within the Open-AudIT up to version 3.5.3 application, the web interface hides SSH secrets, Windows passwords, and SNMP strings from users using HTML 'password field' obfuscation. By using Developer tools or similar, it is possible to change the obfuscation so that the credentials are visible.

Language: PHP

Severity Score

5.9

Related Resources (4)

Url: https://opmantek.com/network-discovery-inventory-software/

Url: https://nvd.nist.gov/vuln/detail/CVE-2021-3130

Url: https://raw.githubusercontent.com/B0D0B0P0T/CVE/main/CVE-2021-3130

Url: https://www.mend.io/vulnerability-database/CVE-2021-3130

Severity Score

5.9

Weakness Type (CWE)

Insufficiently Protected Credentials

CWE-522

CVSS v3.1

Base Score:	5.9
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	NONE
Availability (A):	NONE

CVSS v2

Base Score:	4.3
Access Vector (AV):	NETWORK
Access Complexity (AC):	MEDIUM
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	NONE
Availability (A):	NONE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2021-3130

Date: January 20, 2021

Language: PHP

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

CVSS v3.1

CVSS v2

Do you need more information?