Password Retrieval Through Insertion of Sensitive Information

CVE-2024-31200
4.6 MEDIUM

Key Information

Vendor
Plug&track
Status
Sensor Net Connect V2
Vendor
CVE Published:
31 July 2024

Summary

A “CWE-201: Insertion of Sensitive Information Into Sent Data” vulnerability affecting the administrative account allows an attacker with physical access to the machine to retrieve the password in cleartext when an administrative session is open in the browser.

Affected Version(s)

Sensor Net Connect V2 = 2.24

CVSS V3.1

Score: 4.6
Severity: MEDIUM
Confidentiality: High
Integrity: None
Availability: None
Attack Vector: Physical
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published.

  • Vulnerability Reserved.

Collectors

NVD Database
Mitre Database

Credit

Diego Zaffaroni of Nozomi Networks found this bug during a security research activity.