Cleartext Password Logging Vulnerability in Intel WiMAX Network Service
CVE-2013-4217

Currently unrated

Key Information:

Vendor: Intel
Status: Wimax Network Service
Vendor: CVE Published:; 25 August 2013

Summary

The OSAL_Crypt_SetEncryptedPassword function in the OSAL crypt module of the Intel WiMAX Network Service allows local users to retrieve cleartext passwords from log files during password setting attempts. This serious flaw, present in Intel Wireless WiMAX Connection 2400 devices up to version 1.5.2, can lead to unauthorized access to sensitive information, exposing users to potential local attacks. Proper management of logging practices is crucial to mitigate the risk associated with this vulnerability.

References

https://bugzilla.redhat.com/show_bug.cgi?id=911121

x_refsource_CONFIRM

http://www.openwall.com/lists/oss-security/2013/08/08/17

mailing-listx_refsource_MLIST

Timeline

Vulnerability published
Aug 25, 2013
Vulnerability Reserved
Jun 12, 2013