RVD#86: Wifi and XMPP plaintext password storage could lead to sensitive data loss

[aliasbot]

{
    "id": 86,
    "title": "RVD#86: Wifi and XMPP plaintext password storage could lead to sensitive data loss",
    "type": "vulnerability",
    "description": "An attacker could dump the wifi and XMPP credentials stored in plaintext by the robot, by using the already present code execution vulnerability via the usb port. Leveraging to compromise of the network where the robot is connected.",
    "cwe": "CWE-Plaintext Storage of a Password (CWE-256)",
    "cve": "None",
    "keywords": [
        "malformed",
        "robot",
        "robot: Vgo",
        "severity: high",
        "state: new",
        "vendor: Vecna",
        "vulnerability"
    ],
    "system": "Vgo",
    "vendor": "Vecna",
    "severity": {
        "rvss-score": "None",
        "rvss-vector": "RVSS:1.0/AV:PP/AC:H/PR:N/UI:N/Y:Z/S:C/C:H/I:H/A:H/H:U",
        "severity-description": "",
        "cvss-score": 0,
        "cvss-vector": ""
    },
    "links": [
        "https://github.com/aliasrobotics/RVD/issues/86"
    ],
    "flaw": {
        "phase": "unknown",
        "specificity": "N/A",
        "architectural-location": "N/A",
        "application": "N/A",
        "subsystem": "N/A",
        "package": "N/A",
        "languages": "None",
        "date-detected": "2018-10-17",
        "detected-by": "",
        "detected-by-method": "N/A",
        "date-reported": "2018-10-17",
        "reported-by": "",
        "reported-by-relationship": "N/A",
        "issue": "https://github.com/aliasrobotics/RVD/issues/86",
        "reproducibility": "",
        "trace": null,
        "reproduction": "",
        "reproduction-image": ""
    },
    "exploitation": {
        "description": "",
        "exploitation-image": "",
        "exploitation-vector": ""
    },
    "mitigation": {
        "description": "",
        "pull-request": "",
        "date-mitigation": null
    }
}

[github-actions[bot]]

Feedback (automatically generated):

• FIXME: Flaw not identified as a vulnerability, weakness or exposure. Have you included # Vulnerability (or Weakness or Exposure) report at the top of the ticket?, see for more information or review other tickets to get inspiration

Please review the feedback above. Once addressed, either request the removal of the malformed label to trigger another automatic review.

[github-actions[bot]]

Feedback (automatically generated):

• FIXME: Robot or Robot component not present in summary table or invalid, see for more information or review other tickets and get inspiration

Please review the feedback above. Once addressed, either request the removal of the malformed label to trigger another automatic review.