Improper Removal of Sensitive Information Before Storage or Transfer
Internet Routing Registry daemon version 4 is an IRR database server, processing IRR objects in the RPSL format. IRRd does not always filter password hashes in query responses relating to mntner objects and database exports. This may have allowed adversaries to retrieve some of these hashes, perform a brute-force search for the clear-text passphrase, and use these to make unauthorised changes to affected IRR objects. This issue only affected instances …