CVE-2021-31539
MEDIUMWowza Streaming Engine < 4.8.8.01 - Cleartext Storage of Sensitive Information in admin.password File
Title source: llmDescription
Wowza Streaming Engine before 4.8.8.01 (in a default installation) has cleartext passwords stored in the conf/admin.password file. A regular local user is able to read usernames and passwords.
References (3)
Core 3
Core References
Product, Vendor Advisory x_refsource_misc
https://www.wowza.com/products/streaming-engine
Exploit, Third Party Advisory x_refsource_misc
https://www.gruppotim.it/redteam
Release Notes, Vendor Advisory x_refsource_misc
https://www.wowza.com/docs/wowza-streaming-engine-4-8-8-01-release-notes#breaking
Scores
CVSS v3
5.5
EPSS
0.0030
EPSS Percentile
21.3%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-312
Status
published
Products (1)
wowza/streaming_engine
< 4.8.8.01
Published
Apr 23, 2021
Tracked Since
Feb 18, 2026