N/A

CVSS Score

-

CVSS Score

Basic Information

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

GHSA-528j-9r78-wffx

GHSA-528j-9r78-wffx: etcd user credentials are stored in WAL logs in plaintext

Vulnerability type

Data Exposure

Workarounds

The etcd assumes that the on disk files are secure. The possible fixes have been provided, however, it is the responsibility of the etcd users to make sure that the etcd server WAL log files are secure. The etcd doesn't encrypt key/value data stored on disk drives.

Detail

User credentials (login and password) are stored in WAL entries on each user authentication. If the WAL log files are not secure, it can potentially expose sensitive information.

References

Find out more on this vulnerability in the security audit report

For more information

If you have any questions or comments about this advisory:

Contact the etcd security committee

(GitHub Advisory)

Miggo Vulnerability Database

→

GHSA-528j-9r78-wffx

GHSA-528j-9r78-wffx:

N/A

CVSS Score

-

CVSS Score

Basic Information

Technical Details

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
go.etcd.io/etcd/client/v3	go	>= 3.4.0, < 3.4.10	3.4.10
go.etcd.io/etcd/client/v3	go	< 3.3.23	3.3.23

Technical Details

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stemmed from the Authenticate method in v3_server.go including the user's plaintext password in the InternalAuthenticateRequest struct, which was then written to WAL logs. The security fix (commit 5858140) explicitly removes the Password field from this struct construction, confirming this was the entry point for plaintext credential exposure. The function's role in processing authentication requests and its direct modification in the patch establish it as the vulnerable component.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.

Reasoning

*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.

N/A

-

Basic Information

Basic Information

Concerned about an active attack path?

GHSA-528j-9r78-wffx: etcd user credentials are stored in WAL logs in plaintext

Vulnerability type

Workarounds

Detail

References

For more information

GHSA-528j-9r78-wffx:

N/A

-

Basic Information

Basic Information

Technical Details

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability IntelligenceMiggo AI

Basic Information

Basic Information

GHSA-528j-9r78-wffx: etcd user credentials are stored in WAL logs in plaintext

Vulnerability type

Workarounds

Detail

References

For more information

N/A

N/A

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Technical Details

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI