CVE-2024-25658 Cleartext storage of passwords in Infinera TNMS (Transcend Network Management System) XML file
Public disclosure |
03-06-2025 |
|---|---|
Last updated |
03-06-2025 |
Vulnerability type |
CWE-312: Cleartext Storage of Sensitive Information |
CVSS vector |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N |
CVSS score |
6.5 |
Description
In TNMS, the SNMP users’ passwords are being encoded as base64. This affects XML exports from the DB.
Affected products and versions
All versions before TNMS V21.00 release.
Mitigation plan
Fix has been provided on top of TNMS V21.00 onwards.
References
Change history : Initial version is published on 03-06-2025