Clear-text Storage of Credentials in Marvell QConvergeConsole GUI

Clear-text Storage of Credentials in Marvell QConvergeConsole GUI

CVE-2020-5805 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

In Marvell QConvergeConsole GUI <= 5.5.0.74, credentials are stored in cleartext in tomcat-users.xml. OS-level users on the QCC host who are not authorized to use QCC may use the plaintext credentials to login to QCC.

Learn more about our Cis Benchmark Audit For Apache Tomcat.