Clear-text logging of custom service account credentials in Gallagher Command Centre

Clear-text logging of custom service account credentials in Gallagher Command Centre

CVE-2019-15294 · MEDIUM Severity

AV:N/AC:L/AU:N/C:P/I:N/A:N

An issue was discovered in Gallagher Command Centre 8.10 before 8.10.1092(MR2). Upon an upgrade, if a custom service account is in use and the visitor management service is installed, the Windows username and password for this service are logged in cleartext to the Command_centre.log file.

Learn more about our User Device Pen Test.