SB2019102816 - Insufficiently protected credentials in file (Alpine package)
Published: October 28, 2019
Security Bulletin ID
SB2019102816
Severity
Medium
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Remote access
Highest impact
Information disclosure
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Insufficiently protected credentials (CVE-ID: CVE-2019-19218)
The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.
BMC Control-M/Agent 7.0.00.000 has Insecure Password Storage.
Remediation
Install update from vendor's website.
References
- https://git.alpinelinux.org/aports/commit/?id=dc538f4f70353a02d01dac905fb662412befffbe
- https://git.alpinelinux.org/aports/commit/?id=6d181d271ac91ff2d8302855abd03d6a2be5dc27
- https://git.alpinelinux.org/aports/commit/?id=9746bba8b1ef891f7af4cc454546ad787884bc84
- https://git.alpinelinux.org/aports/commit/?id=9ca7ff46c112e6c03d5874540a286e6e45f1b510
- https://git.alpinelinux.org/aports/commit/?id=9e177e38d94223a06ed62c20ac5ba1e4c0fecf1c
- https://git.alpinelinux.org/aports/commit/?id=33bd61f256dd1826d6a7df5ebb8a9e2fc1125ce1
- https://git.alpinelinux.org/aports/commit/?id=615b572ef6341859fe6be51d0809da4e783eb89e
- https://git.alpinelinux.org/aports/commit/?id=867138742023dde9397648e41743a9173432a7b2
- https://git.alpinelinux.org/aports/commit/?id=a1b2628f20bfa8273eebc1d6f4bb289f8e2937ed
- https://git.alpinelinux.org/aports/commit/?id=a652d113b8d06b185b3974f6ff91c7f9287c1764