CVE-2021-28499

MEDIUM Year: 2021
CVSS v3 Score
5.5
Medium
CVSS v2 Score
2.1
Low
Weakness Type
CWE-255
View all →

Vulnerability Description

In Arista's MOS (Metamako Operating System) software which is supported on the 7130 product line, user account passwords set in clear text could leak to users without any password. This issue affects: Arista Metamako Operating System MOS-0.18 and post releases in the MOS-0.1x train All releases in the MOS-0.2x train MOS-0.31.1 and prior releases in the MOS-0.3x train

Related Vulnerabilities

CVE-2016-8967

MEDIUM
CVSS:5.5(Medium)

IBM BigFix Inventory v9 9.2 stores user credentials in plain in clear text which can be read by a local user.

CWE-2552016

CVE-2022-25327

MEDIUM
CVSS:5.5(Medium)

The PAM module for fscrypt doesn't adequately validate fscrypt metadata files, allowing users to create malicious metadata files that prevent other users from logging in. A local user can cause a deni...

CWE-2552022

CVE-2016-1307

MEDIUM
CVSS:5.4(Medium)

The Openfire server in Cisco Finesse Desktop 10.5(1) and 11.0(1) and Unified Contact Center Express 10.6(1) has a hardcoded account, which makes it easier for remote attackers to obtain access via an ...

CWE-2552016

CVE-2016-10791

MEDIUM
CVSS:5.3(Medium)

cPanel before 60.0.15 does not ensure that system accounts lack a valid password, so that logins are impossible (CPANEL-9559).

CWE-2552016

CVE-2016-2282

MEDIUM
CVSS:5.3(Medium)

Moxa ioLogik E2200 devices before 3.12 and ioAdmin Configuration Utility before 3.18 do not properly encrypt credentials, which makes it easier for remote attackers to obtain the associated cleartext ...

CWE-2552016

CVE-2016-2283

MEDIUM
CVSS:5.3(Medium)

Moxa ioLogik E2200 devices before 3.12 and ioAdmin Configuration Utility before 3.18 do not properly encrypt data, which makes it easier for remote attackers to obtain the associated cleartext via uns...

CWE-2552016