Default credentials

2018-10-1813:29:00

PRIOn knowledge base

www.prio-n.com

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

6.3 Medium

AI Score

Confidence

High

2.1 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

0.001 Low

EPSS

Percentile

30.9%

JSON

If a user saved passwords before Firefox 58 and then later set a master password, an unencrypted copy of these passwords is still accessible. This is because the older stored password file was not deleted when the data was copied to a new format starting in Firefox 58. The new master password is added only on the new file. This could allow the exposure of stored password data outside of user expectations. This vulnerability affects Firefox < 62, Firefox ESR < 60.2.1, and Thunderbird < 60.2.1.

CPENameOperatorVersion
ubuntu_linuxeq16.04
ubuntu_linuxeq14.04
ubuntu_linuxeq18.04
debian_linuxeq8.0
debian_linuxeq9.0
firefoxlt62.0
firefox_esrlt60.2.1
thunderbirdlt60.2.1
enterprise_linux_desktopeq7.0
enterprise_linux_desktopeq6.0

Name	Operator	Version
ubuntu_linux	eq	16.04
ubuntu_linux	eq	14.04
ubuntu_linux	eq	18.04
debian_linux	eq	8.0
debian_linux	eq	9.0
firefox	lt	62.0
firefox_esr	lt	60.2.1
thunderbird	lt	60.2.1
enterprise_linux_desktop	eq	7.0
enterprise_linux_desktop	eq	6.0