CVE-2021-3130

Within the Open-AudIT up to version 3.5.3 application, the web interface hides SSH secrets, Windows passwords, and SNMP strings from users using HTML 'password field' obfuscation. By using Developer tools or similar, it is possible to change the obfuscation so that the credentials are visible.

Published: Jan 20, 2021
Updated: Apr 14, 2023
CVE: CVE-2021-3130
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 5.9
AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

CVSS v2:

Severity: Low
Score: 4.3
AV:N/AC:M/Au:N/C:P/I:N/A:N

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
opmantek / open-audit	-	4.0.2.x

https://opmantek.com/network-discovery-inventory-software/
https://raw.githubusercontent.com/B0D0B0P0T/CVE/main/CVE-2021-3130

Vulnerability Database

290,206

CVE-2021-3130