PT-2017-19087 · Pdq Manufacturing · Laserwash G5 S+9

Billy Rios

+2

·

Publicado

2017-08-07

·

Atualizado

2019-10-09

·

CVE-2017-9632

CVSS v2.0

5.0

Média

VetorAV:N/AC:L/Au:N/C:P/I:N/A:N
Name of the Vulnerable Software and Affected Versions PDQ Manufacturing LaserWash G5 and G5 S Series versions all PDQ Manufacturing LaserWash M5 versions all PDQ Manufacturing LaserWash 360 and 360 Plus versions all PDQ Manufacturing LaserWash AutoXpress and AutoExpress Plus versions all PDQ Manufacturing LaserJet versions all PDQ Manufacturing ProTouch Tandem versions all PDQ Manufacturing ProTouch ICON versions all PDQ Manufacturing ProTouch AutoGloss versions all
Description A Missing Encryption of Sensitive Data issue was discovered. The username and password are transmitted insecurely.
Recommendations For all versions of the affected products, consider implementing secure transmission protocols to protect sensitive data, such as encrypting the username and password during transmission. As a temporary workaround, restrict access to sensitive areas of the system that rely on the insecurely transmitted username and password until a proper fix is implemented.

Correção

Missing Encryption of Sensitive Data

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-311

Identificadores relacionados

CVE-2017-9632

Produtos afetados

Laserjet
Laserwash 360
Laserwash 360 Plus
Laserwash Autoexpress Plus
Laserwash Autoxpress
Laserwash G5 S
Laserwash M5
Protouch Autogloss
Protouch Icon
Protouch Tandem