PT-2008-1820 · Ge Fanuc · Ge Fanuc Proficy Real-Time Information Portal

Eyal Udassin

Publicado

2008-01-29

Atualizado

2024-02-14

CVE-2008-0174

CVSS v2.0

5.0

Média

Vetor

AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions GE Fanuc Proficy Real-Time Information Portal versions 2.6 and earlier

Description The issue allows remote attackers to steal passwords and gain privileges due to the use of HTTP Basic Authentication, which transmits usernames and passwords in base64-encoded cleartext.

Recommendations For GE Fanuc Proficy Real-Time Information Portal versions 2.6 and earlier, consider disabling the use of HTTP Basic Authentication until a more secure authentication method is implemented. Restrict access to sensitive areas of the portal to minimize the risk of exploitation.

Correção

Cleartext Storage of Sensitive Information

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-312

Identificadores relacionados

CVE-2008-0174

Produtos afetados

Ge Fanuc Proficy Real-Time Information Portal

PT-2008-1820 · Ge Fanuc · Ge Fanuc Proficy Real-Time Information Portal

CVE-2008-0174

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 8