Vulnerabilities
Misconfiguration
Runtime Security
Compliance
CVE Vulnerabilities

CVE-2018-12383

Insufficiently Protected Credentials

Published: Oct 18, 2018 | Modified: Nov 21, 2024
CVSS 3.x
5.5
MEDIUM
Source:
NVD
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVSS 2.x
2.1 LOW
AV:L/AC:L/Au:N/C:P/I:N/A:N
RedHat/V2
RedHat/V3
5.5 LOW
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Ubuntu
MEDIUM
Additional information
NVDhttps://nvd.nist.gov/vuln/detail/CVE-2018-12383
CWEhttps://cwe.mitre.org/data/definitions/522.html

If a user saved passwords before Firefox 58 and then later set a master password, an unencrypted copy of these passwords is still accessible. This is because the older stored password file was not deleted when the data was copied to a new format starting in Firefox 58. The new master password is added only on the new file. This could allow the exposure of stored password data outside of user expectations. This vulnerability affects Firefox < 62, Firefox ESR < 60.2.1, and Thunderbird < 60.2.1.

Weakness 

The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.

Affected Software 

Name Vendor Start Version End Version
Enterprise_linux_desktop Redhat 6.0 (including) 6.0 (including)
Enterprise_linux_desktop Redhat 7.0 (including) 7.0 (including)
Enterprise_linux_server Redhat 6.0 (including) 6.0 (including)
Enterprise_linux_server Redhat 7.0 (including) 7.0 (including)
Enterprise_linux_server_aus Redhat 7.6 (including) 7.6 (including)
Enterprise_linux_server_eus Redhat 7.5 (including) 7.5 (including)
Enterprise_linux_server_eus Redhat 7.6 (including) 7.6 (including)
Enterprise_linux_server_tus Redhat 7.6 (including) 7.6 (including)
Enterprise_linux_workstation Redhat 6.0 (including) 6.0 (including)
Enterprise_linux_workstation Redhat 7.0 (including) 7.0 (including)
Red Hat Enterprise Linux 6 RedHat firefox-0:60.2.1-1.el6 *
Red Hat Enterprise Linux 6 RedHat thunderbird-0:60.2.1-5.el6 *
Red Hat Enterprise Linux 7 RedHat firefox-0:60.2.1-1.el7_5 *
Red Hat Enterprise Linux 7 RedHat thunderbird-0:60.2.1-4.el7_5 *
Firefox Ubuntu bionic *
Firefox Ubuntu devel *
Firefox Ubuntu trusty *
Firefox Ubuntu xenial *
Thunderbird Ubuntu bionic *
Thunderbird Ubuntu devel *
Thunderbird Ubuntu trusty *
Thunderbird Ubuntu upstream *
Thunderbird Ubuntu xenial *

Potential Mitigations 

References  

Aqua Security is the largest pure-play cloud native security company, providing customers the freedom to innovate and run their businesses with minimal friction. The Aqua Cloud Native Security Platform provides prevention, detection, and response automation across the entire application lifecycle to secure the build, secure cloud infrastructure and secure running workloads wherever they are deployed.
Copyright © 2025 Aqua Security Software Ltd.   Privacy Policy | Terms of Use