OSA-2019-008: ONAP Portal allows retrieval of the password of the currently active user
Date: 2019-05-28
CVE: CVE-2019-12122
Severity: Important
Affects
Portal: Dublin and earlier
Description
Krzysztof Opasiak from Samsung reported a vulnerability in Portal. By executing a call to ONAPPORTAL/portalApi/loggedinUser, an attacker who possesses a user’s cookie may retrieve that user’s password from the database. All Portal setups are affected.
Patches
Credits
Krzysztof Opasiak from Samsung