Opmantek: >> Open-Audit >> 3.5.1 Security Vulnerabilities
An issue was discovered in Opmantek Open-AudIT after 3.5.0. Without authentication, a vulnerability in code_igniter/application/controllers/util.php allows an attacker perform command execution without echoes.
CVSS Score
9.8
EPSS Score
0.01
Published
2021-12-22
Within the Open-AudIT up to version 3.5.3 application, the web interface hides SSH secrets, Windows passwords, and SNMP strings from users using HTML 'password field' obfuscation. By using Developer tools or similar, it is possible to change the obfuscation so that the credentials are visible.
CVSS Score
5.9
EPSS Score
0.006
Published
2021-01-20