CVE-2020-1621
08.04.2020, 20:15
A local, authenticated user with shell can obtain the hashed values of login passwords via configd traces. This issue affects all versions of Junos OS Evolved prior to 19.3R1.Enginsight
| Vendor | Product | Version |
|---|---|---|
| juniper | junos_os_evolved | 𝑥 < 19.3r1 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-664 - Improper Control of a Resource Through its LifetimeThe software does not maintain or incorrectly maintains control over a resource throughout its lifetime of creation, use, and release.
- CWE-532 - Insertion of Sensitive Information into Log FileInformation written to log files can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information.