CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Description
The server supports authentication methods in which credentials are sent in plaintext over unencrypted channels. If an attacker were to intercept traffic between a client and this server, the credentials would be exposed.
Analysis
A cleartext credential transmission vulnerability: the server accepts authentication methods that send credentials over unencrypted channels, so a network-positioned attacker can intercept and expose user credentials without authenticating and without any user interaction. The vulnerability affects any server implementation that permits plaintext credential transmission over HTTP or other unencrypted protocols. It is a high-severity confidentiality issue (CVSS 7.5): the attack vector is network-accessible with no complexity requirements, so it is exploitable by unauthenticated remote attackers through passive network interception.
Technical Context
This vulnerability stems from CWE-319 (Cleartext Transmission of Sensitive Information), a fundamental weakness in which authentication credentials are transmitted without encryption. The root cause is typically a server that accepts HTTP Basic Authentication, plaintext login forms, or custom authentication protocols over unencrypted HTTP instead of enforcing HTTPS/TLS. The weakness lies at the protocol/configuration layer rather than in a specific cryptographic implementation. Affected systems likely include legacy web servers, application servers, APIs, or custom services that support deprecated authentication methods (HTTP Basic Auth, form-based login over HTTP) without mandatory TLS. This is a violation of secure communication practice and indicates either a misconfiguration or deliberate support for legacy clients without requiring modern encryption.
Affected Products
Based on the description, the affected products are any servers that support plaintext credential authentication methods. Without specific CPE data, this likely includes: (1) legacy web servers (Apache HTTP Server with mod_auth_basic enabled over HTTP, nginx with auth_basic over HTTP), (2) custom application servers without mandatory TLS enforcement, (3) API gateways accepting plaintext credentials, (4) IoT devices and embedded services with HTTP-only interfaces, (5) development/testing environments exposing production authentication. Specific version ranges cannot be determined without CPE strings, but affected configurations include HTTP (unencrypted) services that accept Basic Authentication headers, form-based login over HTTP, and custom authentication protocols without encryption. Vendor advisories would need to be cross-referenced from the actual CVE record to identify specific patched versions.
Remediation
Immediate mitigations: (1) enforce HTTPS/TLS for all authentication endpoints (minimum TLS 1.2, preferably TLS 1.3); (2) disable HTTP access entirely, or implement automatic HTTP-to-HTTPS redirects together with HSTS headers (a redirect cannot protect a request that already carried credentials over HTTP, which is why HSTS matters); (3) audit server configurations to confirm that plaintext authentication methods are disabled; (4) migrate from HTTP Basic Authentication to token-based methods (OAuth 2.0, JWT) over HTTPS; (5) implement network segmentation to limit credential exposure risk.
Patch deployment: consult vendor security advisories for the patched versions that remove plaintext authentication support or mandate TLS. For open-source projects (Apache, nginx), upgrade to releases whose security updates enforce encryption requirements. For custom applications, review the code to eliminate any credential transmission outside TLS-protected channels.
Verification: perform network packet inspection to confirm that credentials are not transmitted in cleartext, and test with tools such as Burp Suite or OWASP ZAP to confirm that credential submission over HTTP is blocked.
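As an added illustration of the verification step (not part of the original record), the following Python checker inspects a captured HTTP request and reports credentials that were carried over a plaintext connection, the CWE-319 condition described above. The sample requests, the header names and the `over_tls` flag (derived from the capture context, e.g. port or TLS record layer) are constructed for this example; the password itself is never echoed, only its presence.

```python
import base64
from urllib.parse import parse_qs

# Constructed sample captures (not from the original record): one HTTP Basic
# Auth request and one form login, both as they would appear on port 80.
SAMPLE_BASIC = (
    b"GET /admin HTTP/1.1\r\nHost: intranet.example\r\n"
    b"Authorization: Basic YWxpY2U6aHVudGVyMg==\r\n\r\n"
)
SAMPLE_FORM = (
    b"POST /login HTTP/1.1\r\nHost: intranet.example\r\n"
    b"Content-Type: application/x-www-form-urlencoded\r\n\r\n"
    b"username=bob&password=s3cret&remember=1"
)
# Form field names treated as password carriers (assumed list for the example).
PASSWORD_FIELDS = {"password", "passwd", "pwd", "pass"}


def find_cleartext_credentials(raw: bytes, over_tls: bool) -> list[dict]:
    """Return findings for credentials carried in a plaintext HTTP request.

    `over_tls` comes from the capture context; credentials inside a TLS
    session are not a CWE-319 finding, so nothing is reported for them."""
    if over_tls:
        return []
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    request_line, headers = lines[0], {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    findings = []
    # HTTP Basic: base64 of "user:password"; report the user, never the secret.
    auth = headers.get("authorization", "")
    if auth.lower().startswith("basic "):
        try:
            user = base64.b64decode(auth[6:]).decode("latin-1").split(":", 1)[0]
        except ValueError:
            user = "<undecodable>"
        findings.append({"kind": "http-basic", "user": user, "request": request_line})
    # Form login: a password-like field in an urlencoded body over plain HTTP.
    if "x-www-form-urlencoded" in headers.get("content-type", "") and body:
        fields = parse_qs(body.decode("latin-1"))
        hit = sorted(f for f in fields if f.lower() in PASSWORD_FIELDS)
        if hit:
            findings.append({"kind": "form-login", "fields": hit, "request": request_line})
    return findings
```

Feed it request payloads reassembled from a capture (for example, exported from Wireshark's "Follow TCP Stream"); any non-empty result is a cleartext credential transmission to remediate.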
EUVD-2025-18193