ZBX-25017: Front-end audit log shows passwords in plaintext (CVE-2024-36460)


Mitre ID: CVE-2024-36460
CVSS score: 8.1
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N (https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N)
Severity: High
Summary: Front-end audit log shows passwords in plaintext
Description: The front-end audit log displays passwords unmasked, in plain text, so anyone who can view the audit log can read them.
Common Weakness Enumeration (CWE): CWE-256: Plaintext Storage of a Password
Common Attack Pattern Enumeration and Classification (CAPEC): CAPEC-37: Retrieve Embedded Sensitive Data
Known attack vectors: Password data can be extracted from the audit log and reused in impersonation attacks.
Details:
Patch provided: No
Component/s: Frontend
Affected and fixed version/s:
  - 5.0.0 - 5.0.42 / fixed in 5.0.43rc1
  - 6.0.0 - 6.0.30 / fixed in 6.0.31rc1
  - 6.4.0 - 6.4.15 / fixed in 6.4.16rc1
  - 7.0.0alpha1 - 7.0.0 / fixed in 7.0.1rc1
Fix compatibility tests: -
Resolution: Fixed
Workarounds: -
Acknowledgements: -

People: zabbix.support (Zabbix Support Team), mmelnikovs (Maris Melnikovs, Inactive)