Non-encrypted confidential information - JFROG
Description
Confidential information is stored in plain text allowing an attacker to view it without any encryption.
Impact
- Obtain confidential JFrog user information. - Create, edit and delete JFrog user information.
Recommendation
Encrypt all sensitive information that is transported or stored within the application according to the organizations policies.
Threat
External attacker with access to source code.
Expected Remediation Time
⏱️ 30 minutes.
Requirements
134 - Store passwords with salt135 - Passwords with random salt185 - Encrypt sensitive information229 - Request access credentials264 - Request authenticationFixes
Score
Default score using CVSS 4.0. It may change depending on the context of the src.
Base 4.0
Attack vector
N
Attack complexity
L
Attack requirements
N
Privileges required
L
User interaction
N
Confidentiality (VC)
H
Integrity (VI)
H
Availability (VA)
H
Confidentiality (SC)
L
Integrity (SI)
L
Availability (SA)
L
Threat 4.0
Exploit maturity
X
Vector string
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L