Clear-text Storage of Credentials in Marvell QConvergeConsole GUI
CVE-2020-5805 · HIGH Severity
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
In Marvell QConvergeConsole GUI <= 5.5.0.74, credentials are stored in cleartext in tomcat-users.xml. OS-level users on the QCC host who are not authorized to use QCC may use the plaintext credentials to login to QCC.
Learn more about our Cis Benchmark Audit For Apache Tomcat.