CVE-2024-29978

CVSS 3.1 Score 5.9 of 10 (medium)

Details

Published Nov 26, 2024
CWE ID 256

Summary

CVE-2024-29978 is a newly disclosed vulnerability that exposes a security weakness in certain products. Before any user logs in, user passwords are decrypted and stored in memory. If a coredump file is generated, an attacker could potentially access these decrypted passwords, posing a significant risk to security. For specific product details, refer to the vendor announcements listed under [References]. This issue underscores the importance of secure password management and the protection of system memory.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share