CVE-2019-6158
CVE-2019-6158
In short
Lenovo XClarity Administrator writes HTTP proxy login credentials in clear text to log files, allowing anyone with access to those files to steal them. This only happens if an HTTP proxy with credentials has been configured.
Technical detail
HTTP proxy credentials are logged in plaintext in LXCA versions 2.0.0–2.3.x when proxy authentication is configured. An attacker with local or remote access to log files can extract these credentials without authentication, leading to unauthorized proxy access and potential network interception.
Summary generated and translated by AI from the official description.
An internal product security audit of Lenovo XClarity Administrator (LXCA) discovered HTTP proxy credentials being written to a log file in clear text. This only affects LXCA when HTTP proxy credentials have been configured. This affects LXCA versions 2.0.0 to 2.3.x.
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N
Affected products
Lenovo · Lenovo XClarity AdministratorWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →