Alexander Ratelle

#24587 of 53,635
9.8 total CVSS
Vulnerabilities · 1
PT-2023-32290
9.8
2023-11-06
Microsoft · Windows · CVE-2023-5719
**Name of the Vulnerable Software and Affected Versions** The Crimson 3.2

**Description** The issue arises when the Windows-based configuration tool is used to define new passwords for users, and these passwords contain the percent (%) character. This can lead to invalid values being included, potentially truncating the string if a NUL is encountered. As a result, if the simplified password is not detected by the administrator, the device might be left in a vulnerable state due to more easily compromised credentials. It's noted that passwords entered via the Crimson system web server do not suffer from this issue.

**Recommendations** For The Crimson 3.2, avoid using passwords that contain the percent (%) character until a fix is available. As a temporary workaround, consider manually reviewing and verifying all passwords defined through the Windows-based configuration tool to ensure they do not contain the percent character, which could lead to compromised credentials.