Plaintext Password Exposure in Octopus Server Web Request Proxy Configuration

Plaintext Password Exposure in Octopus Server Web Request Proxy Configuration

CVE-2021-31820 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

In Octopus Server after version 2018.8.2 if the Octopus Server Web Request Proxy is configured with authentication, the password is shown in plaintext in the UI.

Learn more about our Web App Pen Testing.