CVE-2021-42370
HIGHXoruX LPAR2RRD and STOR2RRD 7.21-7.29 - Cleartext Storage of Sensitive Information in HTML Password Fields
Title source: llmDescription
A password mismanagement situation exists in XoruX LPAR2RRD and STOR2RRD before 7.30 because cleartext information is present in HTML password input fields in the device properties. (Viewing the passwords requires configuring a web browser to display HTML password input fields.)
References (3)
Core 3
Core References
Release Notes, Vendor Advisory x_refsource_confirm
https://stor2rrd.com/note730.php
Release Notes, Vendor Advisory x_refsource_confirm
https://lpar2rrd.com/note730.php
Third Party Advisory x_refsource_misc
https://github.com/orangecertcc/security-research/security/advisories/GHSA-f3qp-4xqq-2wjx
Scores
CVSS v3
7.5
EPSS
0.0070
EPSS Percentile
48.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-312
Status
published
Products (2)
xorux/lpar2rrd
7.21 - 7.30
xorux/stor2rrd
7.21 - 7.30
Published
Nov 08, 2021
Tracked Since
Feb 18, 2026