Hardcoded credentials

2021-11-0805:15:00

PRIOn knowledge base

www.prio-n.com

7.4 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

49.3%

JSON

A password mismanagement situation exists in XoruX LPAR2RRD and STOR2RRD before 7.30 because cleartext information is present in HTML password input fields in the device properties. (Viewing the passwords requires configuring a web browser to display HTML password input fields.)

CPENameOperatorVersion
lpar2rrdge7.21
lpar2rrdlt7.30
stor2rrdge7.21
stor2rrdlt7.30

Name	Operator	Version
lpar2rrd	ge	7.21
lpar2rrd	lt	7.30
stor2rrd	ge	7.21
stor2rrd	lt	7.30

References

github.com/orangecertcc/security-research/security/advisories/GHSA-f3qp-4xqq-2wjx

lpar2rrd.com/note730.php

stor2rrd.com/note730.php