Vulnerabilities > CVE-2013-3497 - Credentials Management vulnerability in Juniper products
Attack vector
LOCAL Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
NONE Availability impact
NONE Summary
Juniper Junos Space before 12.3P2.8, as used on the JA1500 appliance and in other contexts, includes a cleartext password in a configuration tab, which makes it easier for physically proximate attackers to obtain the password by reading the workstation screen.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Nessus
NASL family | Junos Local Security Checks |
NASL id | JUNIPER_SPACE_JSA10567.NASL |
description | According to its self-reported version number, the remote Junos Space version is prior to 12.3P2.8. It is, therefore, affected by a password disclosure vulnerability. When an authenticated user is viewing certain configuration pages in the interface, some passwords may be displayed in plaintext. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 80191 |
published | 2014-12-22 |
reporter | This script is Copyright (C) 2014-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/80191 |
title | Juniper Junos Space < 12.3P2.8 Password Disclosure (JSA10567) |
code |
|