CVE-2021-3130 : Within the Open-AudIT up to version 3.5.3 application, the web interface hides S

Within the Open-AudIT up to version 3.5.3 application, the web interface hides SSH secrets, Windows passwords, and SNMP strings from users using HTML 'password field' obfuscation. By using Developer tools or similar, it is possible to change the obfuscation so that the credentials are visible.

Published 2021-01-20 16:15:15

Updated 2022-07-12 17:42:04

Source MITRE

View at NVD, CVE.org

Products affected by CVE-2021-3130

Opmantek » Open-audit
Versions up to, including, (<=) 4.0.2
cpe:2.3:a:opmantek:open-audit:*:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2021-3130

EPSS FAQ

7.16%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 90 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2021-3130

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
4.3	MEDIUM	AV:N/AC:M/Au:N/C:P/I:N/A:N	8.6	2.9	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: Partial Integrity Impact: None Availability Impact: None
5.9	MEDIUM	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N	2.2	3.6	NIST
Attack Vector: Network Attack Complexity: High Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: High Integrity: None Availability: None

References for CVE-2021-3130

https://raw.githubusercontent.com/B0D0B0P0T/CVE/main/CVE-2021-3130

Third Party Advisory
https://opmantek.com/network-discovery-inventory-software/

Network Discovery and Inventory Software | Open-AudIT | Opmantek
Vendor Advisory

Jump to

Vulnerability Details : CVE-2021-3130

Products affected by CVE-2021-3130

Exploit prediction scoring system (EPSS) score for CVE-2021-3130

CVSS scores for CVE-2021-3130

References for CVE-2021-3130