CVE Vulnerabilities

CVE-2018-16987

Insufficiently Protected Credentials

Published: Sep 13, 2018 | Modified: Oct 03, 2019
CVSS 3.x
7.2
HIGH
Source:
NVD
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVSS 2.x
4 MEDIUM
AV:N/AC:L/Au:S/C:P/I:N/A:N
RedHat/V2
RedHat/V3
Ubuntu

Squash TM through 1.18.0 presents the cleartext passwords of external services in the administration panel, as demonstrated by a ta-server-password field in the HTML source code.

Weakness

The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.

Affected Software

Name Vendor Start Version End Version
Squash_tm Squashtest * 1.18.0

Potential Mitigations

References