We found results for “”
WS-2018-0631
Good to know:
Date: February 2, 2018
In “cockroachdb/cockroach”, v1.2-alpha.20171211 to v2.0-alpha.20180129 allow the setting of a user's password in an insecure mode, thus risking the confidealty.
Language: Go
Severity Score
Severity Score
Weakness Type (CWE)
Insufficiently Protected Credentials
CWE-522Top Fix
CVSS v3.1
Base Score: |
|
---|---|
Attack Vector (AV): | NETWORK |
Attack Complexity (AC): | LOW |
Privileges Required (PR): | LOW |
User Interaction (UI): | NONE |
Scope (S): | UNCHANGED |
Confidentiality (C): | LOW |
Integrity (I): | NONE |
Availability (A): | NONE |