Products
UNKNOWN
Source
productsecurity@jci.com
CVE-2024-32932 details
Published : July 2, 2024, 3:15 p.m.
Last Modified : July 2, 2024, 5:44 p.m.
Description
Under certain circumstances, the web interface users' credentials may be recovered by an authenticated user.
CVSS Score
6.8
Weakness
Weakness | Name | Description |
---|---|---|
CWE-257 | Storing Passwords in a Recoverable Format | The storage of passwords in a recoverable format makes them subject to password reuse attacks by malicious users. In fact, it should be noted that recoverable encrypted passwords provide no significant benefit over plaintext passwords since they are subject not only to reuse by malicious attackers but also by malicious insiders. If a system administrator can recover a password directly, or use a brute force search on the available information, the administrator can use the password on other accounts. |
CVSS Data
Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Privileges Required | HIGH |
Scope | CHANGED |
Confidentiality Impact | HIGH |
Integrity Impact | NONE |
Availability Impact | NONE |
Base Score | 6.8 |
Exploitability Score | 2.3 |
Impact Score | 4.0 |
Base Severity | MEDIUM |
Vector String : CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N
References
URL | Source |
---|---|
https://www.cisa.gov/news-events/ics-advisories/icsa-24-179-07 | productsecurity@jci.com |
https://www.johnsoncontrols.com/trust-center/cybersecurity/security-advisories | productsecurity@jci.com |
This website uses the NVD API, but is not approved or certified by it.