CVE-2021-0220

MEDIUM Year: 2021
CVSS v3 Score
6.8
Medium
CVSS v2 Score
3.5
Low
Weakness Type
CWE-257
View all →

Vulnerability Description

The Junos Space Network Management Platform has been found to store shared secrets in a recoverable format that can be exposed through the UI. An attacker who is able to execute arbitrary code in the victim browser (for example via XSS) or access cached contents may be able to obtain a copy of credentials managed by Junos Space. The impact of a successful attack includes, but is not limited to, obtaining access to other servers connected to the Junos Space Management Platform. This issue affects Juniper Networks Junos Space versions prior to 20.3R1.

Related Vulnerabilities

CVE-2024-32756

MEDIUM
CVSS:6.8(Medium)

Under certain circumstances the Linux users credentials may be recovered by an authenticated user.

CWE-2572024

CVE-2024-32932

MEDIUM
CVSS:6.8(Medium)

Under certain circumstances the web interface users credentials may be recovered by an authenticated user.

CWE-2572024

CVE-2020-8296

MEDIUM
CVSS:6.7(Medium)

Nextcloud Server prior to 20.0.0 stores passwords in a recoverable format even when external storage is not configured.

CWE-2572020

CVE-2023-2881

MEDIUM
CVSS:6.7(Medium)

Storing Passwords in a Recoverable Format in GitHub repository pimcore/customer-data-framework prior to 3.3.10.

CWE-2572023

CVE-2018-10622

HIGH
CVSS:7.1(High)

Medtronic MyCareLink Patient Monitor uses per-product credentials that are stored in a recoverable format. An attacker can use these credentials for network authentication and encryption of local data...

CWE-2572018

CVE-2019-1010241

MEDIUM
CVSS:6.5(Medium)

Jenkins Credentials Binding Plugin Jenkins 1.17 is affected by: CWE-257: Storing Passwords in a Recoverable Format. The impact is: Authenticated users can recover credentials. The component is: config...

CWE-2572019