Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2023-31041: Insyde Security Advisory 2023047 | Insyde Software

An issue was discovered in SysPasswordDxe in Insyde InsydeH2O with kernel 5.0 through 5.5. System password information could optionally be stored in cleartext, which might lead to possible information disclosure.

CVE
Open in Source
#vulnerability

Insyde ID

Advisory Category

Impact of Vulnerability

Severity Rating

Original Date

Last Revised

INSYDE-SA-2023047

Software

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

5.1

08/08/2023

08/08/2023

****Summary:****

SysPasswordDxe: Cleartext storage of system password could lead to possible information disclosure.

****Vulnerability Details:****

CVE-2023-31041

An issue was discovered in Insyde InsydeH2O kernel. System password information could optionally be stored in cleartext, which might lead to possible information disclosure.

CWE-256: Plaintext Storage of a Password

Solution Information:
Kernel 5.2: Version 05.28.19
Kernel 5.3: Version 05.37.19
Kernel 5.4: Version 05.45.19
Kernel 5.5: Version 05.53.19
Kernel 5.6: Version 05.60.20

****Revision History:****

Revision

Date

Description

1.0

08/08/2023

Initial Release

Return to Insyde’s Security Pledge

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE
CVE-2023-6905
CVE
CVE-2023-6903
CVE
CVE-2023-6904
CVE
CVE-2023-3907
CVE