CVE-2019-12122 : Vulnerability Insights and Analysis
Discover the security vulnerability in ONAP Portal allowing unauthorized access to user passwords. Learn about the impact, affected systems, exploitation, and mitigation steps.
A vulnerability has been found in ONAP Portal starting from the Dublin release, allowing unauthorized access to user passwords.
Understanding CVE-2019-12122
This CVE identifies a security flaw in ONAP Portal that can lead to unauthorized access to sensitive user information.
What is CVE-2019-12122?
An issue in ONAP Portal allows attackers with a user's cookie to retrieve the user's password from the database.
The Impact of CVE-2019-12122
- Unauthorized users can potentially access user passwords stored in the database.
- All installations of the ONAP Portal are affected by this vulnerability.
Technical Details of CVE-2019-12122
This section provides technical insights into the vulnerability.
Vulnerability Description
- Vulnerability found in ONAP Portal from the Dublin release.
- Attacker can retrieve user passwords by calling ONAPPORTAL/portalApi/loggedinUser.
Affected Systems and Versions
- Product: ONAP Portal
- Versions: All versions starting from the Dublin release
Exploitation Mechanism
- Attacker needs the user's cookie to exploit the vulnerability.
Mitigation and Prevention
Protect your systems from CVE-2019-12122 with these steps:
Immediate Steps to Take
- Monitor and restrict access to sensitive endpoints.
- Implement strong authentication mechanisms.
- Regularly audit and review user access.
Long-Term Security Practices
- Conduct regular security training for employees.
- Keep systems and software updated with the latest security patches.
Patching and Updates
- Apply patches and updates provided by ONAP to address this vulnerability.