Vigil@nce - Junos Space: password reading via the Web Interface
May 2013 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker, who can read administrator’s screen, can see the
password displayed on the Junos Space Web Interface, in order to
authenticate on the product.
Impacted products: Junos Space, Junos Space Platform
Severity: 2/4
Creation date: 13/05/2013
DESCRIPTION OF THE VULNERABILITY
The Junos Space Web Interface allows the administrator to edit and
to display the configuration.
However, some passwords are directly displayed on the screen,
without being hidden by asterisks.
An attacker, who can read administrator’s screen, can therefore
see the password displayed on the Junos Space Web Interface, in
order to authenticate on the product.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Junos-Space-password-reading-via-the-Web-Interface-12775