Cleartext User Password and PSK Leakage in Stormshield SSO Agent Installer Log File

CVE-2022-22703 · MEDIUM Severity

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

In Stormshield SSO Agent 2.x before 2.1.1 and 3.x before 3.0.2, the cleartext user password and PSK are contained in the log file of the .exe installer.

Learn more about our User Device Pen Test.