Today > | 2 Medium vulnerabilities   -   You can now download lists of IOCs here!

CVE-2024-12057

Dec. 9, 2024, 7:15 p.m.

Description

User credentials (login & password) are inserted into log files when a user tries to authenticate using a version of a Web client that is not compatible with that of the PcVue Web back end. By exploiting this vulnerability, an attacker could retrieve the credentials of a user by accessing the Log File. Successful exploitation of this vulnerability could lead to unauthorized access to the application.

Weaknesses

CWE-532
Insertion of Sensitive Information into Log File

Information written to log files can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information.

CWE ID: 532

Date

Published: Dec. 9, 2024, 7:15 p.m.

Last Modified: Dec. 9, 2024, 7:15 p.m.

Status : Awaiting Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

87c8e6ad-f0f5-4ca8-89e2-89f26d6ed932

References

https://www.pcvue.com/ 87c8e6ad-f0f5-4ca8-89e2-89f26d6ed932