Description


An authenticated malicious user could acquire the simple mail transfer protocol (SMTP) Password in cleartext format, despite it being protected and hidden behind asterisks. The attacker could then perform further attacks using the SMTP credentials.

References


https://www.cisa.gov/news-events/ics-advisories/icsa-23-082-03

Third Party AdvisoryUS Government Resource

Weaknesses



CWE-319

CVSS impact metrics


CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

6.5 · Medium

  • CVSS V3.1

  • CVSS V3.0

  • CVSS V2.0

Information


Source identifier

[email protected]

Vulnerability status

Modified

Published

2023-03-27T20:15:09.577

1 year ago

Last modified

2023-11-07T04:10:21.203

7 months ago