Knowledge Center Search


 

2013-05 Security Bulletin: Junos Space: CVE-2013-3497 Password disclosure while viewing configuration

  [KB27374] Show KB Properties

  [KB27374] Hide KB Properties

Categories:
Knowledge Base ID: KB27374
Last Updated: 08 May 2013
Version: 1.0

Summary:
Products Affected: Junos Space and JA1500 (Junos Space Appliance)
Risk Level: High
Risk Assessment: CVSSv2 Base Score 6.9 (AV:L/AC:M/Au:N/C:C/I:C/A:C)
CVE: CVE-2013-3497

Problem or Goal:
When administrators or authenticated users are viewing certain configuration related tabs in Junos Space web based user interface, passwords may be exposed on the screen in plaintext. This might reveal the passwords to others who can view the screen. These passwords may allow complete access to the device being configured or viewed. This vulnerability can not be exploited by unauthorized remote users to obtain the passwords.

Cause:
 

Solution:

This vulnerability is fixed in Junos Space 12.3P2.8 or later releases.

Workarounds:
There are no workarounds that can mitigate the password exposure issue in the web based user interface. Avoid using Junos Space web based user interface in public places.

Purpose:
Defect

Related Links:

 

 

ASK THE KB

Question or KB ID:


 


 

 
Copyright© 1999-2012 Juniper Networks, Inc. All rights reserved.