Vulnerabilities > CVE-2014-2226 - Credentials Management vulnerability in UI Unifi Controller

CVSS 2.6 - LOW

Attack vector

NETWORK

Attack complexity

HIGH

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

network

high complexity

CWE-255

NVD

Published: 2014-07-29

Updated: 2019-06-10

Summary

Ubiquiti UniFi Controller before 3.2.1 logs the administrative password hash in syslog messages, which allows man-in-the-middle attackers to obtain sensitive information via unspecified vectors.

Vulnerable Configurations

Part	Description	Count
Application	Ui UI Unifi Controller 2.4.3 UI Unifi Controller 2.4.4 UI Unifi Controller 2.4.5 UI Unifi Controller 2.4.6	4

Common Weakness Enumeration (CWE)

CWE-255 - Credentials Management

Packetstorm

data source	https://packetstormsecurity.com/files/download/127616/ubiquiti-disclose.txt
id	PACKETSTORM:127616
last seen	2016-12-05
published	2014-07-25
reporter	Seth Art
source	https://packetstormsecurity.com/files/127616/Ubiquiti-UbiFi-Controller-2.4.5-Password-Hash-Disclosure.html
title	Ubiquiti UbiFi Controller 2.4.5 Password Hash Disclosure

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Packetstorm

References