Nolan B. Kennedy
CVE-2019-10716: Information Disclosure Issue in Verodin Director version 184.108.40.206 and earlier
Updated: Jan 14, 2020
This advisory addresses a Information Disclosure vulnerability in Verodin Director affecting version 220.127.116.11 and earlier where an attacker can reveal usernames and passwords of integrated security technologies via a /integrations.json JSON REST API request.
This issue was reported to and resolved by Verodin in accordance with responsible disclosure guidelines. The vulnerability was originally disclosed in the Verodin product release notes for version 18.104.22.168 (see section "Defects Resolved, Security").
CVE Common Vulnerabilities and Exposures is a dictionary of common names (CVE Identifiers) for publicly known information security vulnerabilities maintained by the MITRE Corporation.
CVSS Common Vulnerability Scoring System is a vendor agnostic, industry open standard designed to convey the severity of a vulnerability. CVSS scores may be used to determine the urgency for update deployment within an organization and can range from 0.0 (no vulnerability) to 10.0 (critical). Customers performing their own risk assessments of vulnerabilities that may impact them can benefit from using the same industry-recognized CVSS metrics.
Mitigations Mitigations are existing conditions that a potential attacker would need to overcome to mount a successful attack or that would limit the severity of an attack. Examples of such conditions include default settings, common configurations and general best practices.
Workarounds Workarounds are settings or configuration changes that a user or administrator can apply to help protect against an attack.
(Screenshot from Verodin product release notes for version 22.214.171.124)