Lucene search
PRIOn knowledge basePRION:CVE-2022-45868HistoryNov 23, 2022 - 9:15 p.m.
Default credentials
2022-11-2321:15:00
PRIOn knowledge base
www.prio-n.com
4
default credentials
web-based admin console
h2 database engine
cleartext password
local user access
security vulnerability
DISPUTED The web-based admin console in H2 Database Engine through 2.1.214 can be started via the CLI with the argument -webAdminPassword, which allows the user to specify the password in cleartext for the web admin console. Consequently, a local user (or an attacker that has obtained local access through some means) would be able to discover the password by listing processes and their arguments. NOTE: the vendor states “This is not a vulnerability of H2 Console … Passwords should never be passed on the command line and every qualified DBA or system administrator is expected to know that.”
Related
nvd
nvd
CVE-2022-45868
2022-11-23 21:15:11
cve
cve
CVE-2022-45868
2022-11-23 21:15:11
veracode
veracode
Information Disclosure
2022-11-24 09:07:33
debiancve
debiancve
CVE-2022-45868
2022-11-23 21:15:11
cvelist
cvelist
CVE-2022-45868
2022-11-23 00:00:00
github
github
Password exposure in H2 Database
2022-11-23 21:30:31
osv
osv
Password exposure in H2 Database
2022-11-23 21:30:31
ubuntucve
ubuntucve
CVE-2022-45868
2022-11-23 00:00:00
ibm
ibm
oracle
oracle
Oracle Critical Patch Update Advisory - January 2024
2024-01-16 00:00:00