Support Support Downloads Knowledge Base Juniper Support Portal Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

[Archive] 2013-05 Security Bulletin: Junos Space: CVE-2013-3497 Password disclosure while viewing configuration

0

0

Article ID: KB27374 KB Last Updated: 28 Feb 2020Version: 2.0
Summary:
Products Affected: Junos Space and JA1500 (Junos Space Appliance)
Risk Level: High
Risk Assessment: CVSSv2 Base Score 6.9 (AV:L/AC:M/Au:N/C:C/I:C/A:C)
CVE: CVE-2013-3497
Symptoms:
When administrators or authenticated users are viewing certain configuration related tabs in Junos Space web based user interface, passwords may be exposed on the screen in plaintext. This might reveal the passwords to others who can view the screen. These passwords may allow complete access to the device being configured or viewed. This vulnerability can not be exploited by unauthorized remote users to obtain the passwords.
Solution:

This vulnerability is fixed in Junos Space 12.3P2.8 or later releases.

Workarounds:
There are no workarounds that can mitigate the password exposure issue in the web based user interface. Avoid using Junos Space web based user interface in public places.

Modification History:

2020-02-28: Archived

Related Links

Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search