Plaintext Password Exposure in Octopus Server Web Request Proxy Configuration
CVE-2021-31820 · HIGH Severity
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
In Octopus Server after version 2018.8.2 if the Octopus Server Web Request Proxy is configured with authentication, the password is shown in plaintext in the UI.
Learn more about our Web App Pen Testing.