CRITICAL🇬🇧 English

CVE-2023-0452

CVSS 9.8v3.1pub. 2023-01-26upd. 2024-11-21

Econolite EOS versions prior to 3.2.23 use a weak hash algorithm for encrypting privileged user credentials. A configuration file that is accessible without authentication uses MD5 hashes for encrypting credentials, including those of administrators and technicians.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Econolite Eos

    APP
    Econolite
    wszystkie wersje
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2023-0451HIGH7.5ten sam produkt

Econolite EOS versions prior to 3.2.23 lack a password requirement for gaining “READONLY” access to log files ...