CVE-2020-5721 - OpenCVE

MikroTik WinBox 3.22 and below stores the user's cleartext password in the settings.cfg.viw configuration file when the Keep Password field is set and no Master Password is set. Keep Password is set by default and, by default Master Password is not set. An attacker with access to the configuration file can extract a username and password to gain access to the router.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:L/AC:L/Au:N/C:P/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Mikrotik	Winbox

Configuration 1 [-]

cpe:2.3:o:mikrotik:winbox:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://www.tenable.com/security/research/tra-2020-23

History

No history.

MITRE

Status: PUBLISHED

Assigner: tenable

Published: 2020-04-15T20:50:45

Updated: 2024-08-04T08:39:25.683Z

Reserved: 2020-01-06T00:00:00

Link: CVE-2020-5721

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2020-04-15T21:15:36.607

Modified: 2020-04-28T15:44:00.507

Link: CVE-2020-5721

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "MikroTik WinBox", "vendor": "n/a", "versions": [{"status": "affected", "version": "3.22 and below"}]}], "descriptions": [{"lang": "en", "value": "MikroTik WinBox 3.22 and below stores the user's cleartext password in the settings.cfg.viw configuration file when the Keep Password field is set and no Master Password is set. Keep Password is set by default and, by default Master Password is not set. An attacker with access to the configuration file can extract a username and password to gain access to the router."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-260", "description": "CWE-260", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2020-04-15T20:50:45", "orgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be", "shortName": "tenable"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.tenable.com/security/research/tra-2020-23"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "vulnreport@tenable.com", "ID": "CVE-2020-5721", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "MikroTik WinBox", "version": {"version_data": [{"version_value": "3.22 and below"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "MikroTik WinBox 3.22 and below stores the user's cleartext password in the settings.cfg.viw configuration file when the Keep Password field is set and no Master Password is set. Keep Password is set by default and, by default Master Password is not set. An attacker with access to the configuration file can extract a username and password to gain access to the router."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-260"}]}]}, "references": {"reference_data": [{"name": "https://www.tenable.com/security/research/tra-2020-23", "refsource": "MISC", "url": "https://www.tenable.com/security/research/tra-2020-23"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T08:39:25.683Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.tenable.com/security/research/tra-2020-23"}]}]}, "cveMetadata": {"assignerOrgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be", "assignerShortName": "tenable", "cveId": "CVE-2020-5721", "datePublished": "2020-04-15T20:50:45", "dateReserved": "2020-01-06T00:00:00", "dateUpdated": "2024-08-04T08:39:25.683Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:mikrotik:winbox:*:*:*:*:*:*:*:*", "matchCriteriaId": "91019170-B8B8-4975-AAB4-AB69278BC874", "versionEndIncluding": "3.22", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "MikroTik WinBox 3.22 and below stores the user's cleartext password in the settings.cfg.viw configuration file when the Keep Password field is set and no Master Password is set. Keep Password is set by default and, by default Master Password is not set. An attacker with access to the configuration file can extract a username and password to gain access to the router."}, {"lang": "es", "value": "MikroTik WinBox versiones 3.22 y por debajo, almacenan la contrase\u00f1a de texto sin cifrar del usuario en el archivo de configuraci\u00f3n settings.cfg.viw cuando se establece el campo Keep Password y Master Password no se establece. Keep Password se establece por defecto y, Master Password por defecto no se establece. Un atacante con acceso al archivo de configuraci\u00f3n puede extraer un nombre de usuario y contrase\u00f1a para conseguir acceso al router."}], "id": "CVE-2020-5721", "lastModified": "2020-04-28T15:44:00.507", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-04-15T21:15:36.607", "references": [{"source": "vulnreport@tenable.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://www.tenable.com/security/research/tra-2020-23"}], "sourceIdentifier": "vulnreport@tenable.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-522"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-260"}], "source": "vulnreport@tenable.com", "type": "Secondary"}]}