Plaintext Credential Exposure in Brocade SANnav
CVE-2019-16206

5.5MEDIUM

Key Information:

Vendor: Brocade Communications Systems, Inc.
Status: Brocade Sannav
Vendor: CVE Published:; 8 November 2019

What is CVE-2019-16206?

The authentication mechanism in Brocade SANnav versions prior to v2.0 logs sensitive account credentials in plaintext at the 'trace' and 'debug' logging levels. This vulnerability allows a local authenticated attacker to potentially access these logs and obtain confidential information, jeopardizing security protocols and exposing privileged access details. It is crucial for users to update to a secure version to mitigate this risk.

Affected Version(s)

Brocade SANnav versions before v2.0

References

https://www.broadcom.com/support/fibre-channel-networking...

x_refsource_CONFIRM

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 8, 2019
Vulnerability Reserved
Sep 10, 2019

Brocade Communications Systems, Inc.

What is CVE-2019-16206?

Affected Version(s)

References

CVSS V3.1

Timeline