Password Mismanagement in XoruX LPAR2RRD and STOR2RRD Products
CVE-2021-42370

7.5HIGH

Key Information:

Vendor

Xorux

Status
Lpar2rrd
Stor2rrd
Vendor
CVE Published:
8 November 2021

What is CVE-2021-42370?

In certain versions of XoruX LPAR2RRD and STOR2RRD, there is a significant issue regarding password handling. The systems inadvertently expose sensitive information by displaying cleartext passwords in the HTML input fields associated with device properties. This mismanagement of password visibility can lead to unauthorized access if users do not take proper precautions, such as configuring their web browsers to obscure such information.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://stor2rrd.com/note730.php
x_refsource_CONFIRM
https://lpar2rrd.com/note730.php
x_refsource_CONFIRM
https://github.com/orangecertcc/security-research/securit...
x_refsource_MISC

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.