Clear Text Password Storage in LXCO Product by Lenovo
CVE-2020-8356
4.9MEDIUM
What is CVE-2020-8356?
An internal audit of Lenovo's LXCO product revealed a security weakness where optional passwords for Syslog and SMTP forwarders, if provided, are recorded in an internal log file in plain text. This log data is captured within the First Failure Data Capture (FFDC) service log, which is only generated upon request from an authorized LXCO user. While access to these logs is restricted to the privileged user who requested them, storing sensitive information in clear text poses significant security risks, including potential exposure to unauthorized users.
Affected Version(s)
XClarity Orchestrator < 1.2.2