Clear Text Password Storage in LXCO Product by Lenovo
CVE-2020-8356

4.9MEDIUM

Key Information:

Vendor: Lenovo
Status: Xclarity Orchestrator
Vendor: CVE Published:; 9 March 2021

What is CVE-2020-8356?

An internal audit of Lenovo's LXCO product revealed a security weakness where optional passwords for Syslog and SMTP forwarders, if provided, are recorded in an internal log file in plain text. This log data is captured within the First Failure Data Capture (FFDC) service log, which is only generated upon request from an authorized LXCO user. While access to these logs is restricted to the privileged user who requested them, storing sensitive information in clear text poses significant security risks, including potential exposure to unauthorized users.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

XClarity Orchestrator < 1.2.2

References

https://support.lenovo.com/us/en/product_security/LEN-49884

x_refsource_MISC

CVSS V3.1

Score:

4.9

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 9, 2021
Vulnerability Reserved
Jan 28, 2020

JSON

Lenovo

What is CVE-2020-8356?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.