HTML 'password field' obfuscation vulnerability in Open-AudIT up to version 3.5.3

HTML 'password field' obfuscation vulnerability in Open-AudIT up to version 3.5.3

CVE-2021-3130 · MEDIUM Severity

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Within the Open-AudIT up to version 3.5.3 application, the web interface hides SSH secrets, Windows passwords, and SNMP strings from users using HTML 'password field' obfuscation. By using Developer tools or similar, it is possible to change the obfuscation so that the credentials are visible.

Learn more about our Web App Pen Testing.