CVE-2022-4308 MEDIUM

CVE-2022-4308: Clear-text passwords in configuration files

Vendor Secomea
Product GateManager
Weakness CWE-256
Published April 19, 2023
Last update February 5, 2025

CVSS base score

6.1/10
Attack vector Physical
Attack complexity Low
Privileges required None
User interaction None
Confidentiality None
Integrity High

CVSS vector

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

What the vulnerability does

01Description

Plaintext Storage of a Password vulnerability in Secomea GateManager (USB wizard) allows Authentication abuse on SiteManager, if the generated file is leaked.

Key dates

02Disclosure timeline

April 19, 2023 CVE published
February 5, 2025 Record updated