Skip to main content

Non-encrypted confidential information - Hexadecimal

Description

The confidential information is encoded in hexadecimal allowing an attacker to view it in plain text when decoding it.

Impact

Obtain confidential information by decoding hexadecimal.

Recommendation

Use secure encryption methods to encrypt any sensitive information.

Threat

An attacker from an adjacent network performing a sniffing attack.

Score

Default score using CVSS 3.1. It may change depending on the context of the vulnerability.

Base

  • Attack vector: A
  • Attack complexity: H
  • Privileges required: N
  • User interaction: R
  • Scope: U
  • Confidentiality: L
  • Integrity: N
  • Availability: N

Temporal

  • Exploit code madurity: U
  • Remediation level: X
  • Report confidence: X

Result

  • Vector string: CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:X/RC:X
  • Score:
    • Base: 2.6
    • Temporal: 2.4
  • Severity:
    • Base: Low
    • Temporal: Low

Requirements