CVE-2021-3130

MEDIUM

Open-AudIT <3.5.3 - Info Disclosure

Description

In Open-AudIT up to version 3.5.3, the web interface hides SSH secrets, Windows passwords, and SNMP strings from users with HTML 'password field' obfuscation. Using browser developer tools or similar, it is possible to change the obfuscation so that the credentials are visible.

Exploits (2)

nomisec WRITEUP 1 stars
by jet-pentest · poc
https://github.com/jet-pentest/CVE-2021-3130
nomisec WORKING POC
by lusterx · poc
https://github.com/lusterx/CVE-2021-3130

Scores

CVSS v3 5.9
EPSS 0.0063
EPSS Percentile 70.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

Status published
Products (1)
opmantek/open-audit < 4.0.2
Published Jan 20, 2021
Tracked Since Feb 18, 2026