Vulnerability Description
A password mismanagement situation exists in XoruX LPAR2RRD and STOR2RRD before 7.30 because cleartext information is present in HTML password input fields in the device properties. (Viewing the passwords requires configuring a web browser to display HTML password input fields.)
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Xorux | Lpar2Rrd | >= 7.21, < 7.30 |
| Xorux | Stor2Rrd | >= 7.21, < 7.30 |
Related Weaknesses (CWE)
References
- https://github.com/orangecertcc/security-research/security/advisories/GHSA-f3qp-Third Party Advisory
- https://lpar2rrd.com/note730.phpRelease NotesVendor Advisory
- https://stor2rrd.com/note730.phpRelease NotesVendor Advisory
- https://github.com/orangecertcc/security-research/security/advisories/GHSA-f3qp-Third Party Advisory
- https://lpar2rrd.com/note730.phpRelease NotesVendor Advisory
- https://stor2rrd.com/note730.phpRelease NotesVendor Advisory
FAQ
What is CVE-2021-42370?
CVE-2021-42370 is a vulnerability with a CVSS score of 7.5 (HIGH). A password mismanagement situation exists in XoruX LPAR2RRD and STOR2RRD before 7.30 because cleartext information is present in HTML password input fields in the device properties. (Viewing the passw...
How severe is CVE-2021-42370?
CVE-2021-42370 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-42370?
Check the references section above for vendor advisories and patch information. Affected products include: Xorux Lpar2Rrd, Xorux Stor2Rrd.