CVE-2016-10512

{"id": "CVE-2016-10512", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2017-09-30T01:29:00.367", "references": [{"url": "https://packetstormsecurity.com/files/139844/Multitech-RightFax-Faxfinder-Credential-Disclosure.html", "tags": ["Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}, {"url": "https://packetstormsecurity.com/files/139844/Multitech-RightFax-Faxfinder-Credential-Disclosure.html", "tags": ["Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-255"}]}], "descriptions": [{"lang": "en", "value": "MultiTech FaxFinder before 4.1.2 stores Passwords unencrypted for maintaining the test connectivity function of its LDAP configuration. These credentials are retrieved by the system when the LDAP configuration page is opened and are embedded directly into the HTML source code in cleartext."}, {"lang": "es", "value": "Las versiones anteriores a la 4.1.2 de MultiTech FaxFinder almacenan las contrase\u00f1as sin cifrar para mantener la funci\u00f3n de prueba de conectividad de su configuraci\u00f3n LDAP. Estas credenciales son recuperadas por el sistema cuando se abre la p\u00e1gina de configuraci\u00f3n LDAP y se embeben directamente en el c\u00f3digo HTML fuente en texto claro."}], "lastModified": "2024-11-21T02:44:10.447", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:multitech:faxfinder:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "784DCA2F-AFA3-46CB-A4D6-4EBF1E5515A8"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}