Password Logging Vulnerability in Stormshield Network Security Products
CVE-2023-28616

7.5 HIGH

Key Information:

CVE Published: 26 December 2023

What is CVE-2023-28616?

Stormshield Network Security (SNS) products log user passwords in cleartext when the password contains an equals sign or a space character. Affected versions are those prior to 4.3.17, 4.4.x up to but not including 4.6.4, and 4.7.x before 4.7.1. This poses a significant risk: the logs holding these passwords may be transmitted to the Syslog component, which can lead to unauthorized access and exploitation.

CVSS V3.1

Score: 7.5
Severity: HIGH
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
