Products Affected: Junos Space and JA1500 (Junos Space Appliance) Risk Level: High Risk Assessment: CVSSv2 Base Score 6.9 (AV:L/AC:M/Au:N/C:C/I:C/A:C) CVE:CVE-2013-3497
Problem or Goal:
When administrators or authenticated users are viewing certain configuration related tabs in Junos Space web based user interface, passwords may be exposed on the screen in plaintext. This might reveal the passwords to others who can view the screen. These passwords may allow complete access to the device being configured or viewed. This vulnerability can not be exploited by unauthorized remote users to obtain the passwords.
This vulnerability is fixed in Junos Space 12.3P2.8 or later releases.
Workarounds: There are no workarounds that can mitigate the password exposure issue in the web based user interface. Avoid using Junos Space web based user interface in public places.