PT-2023-21026 · Makves · Makves Dcap

Ilya Kostyulin

Publicado

2023-06-21

Atualizado

2024-12-06

CVE-2023-27243

CVSS v3.1

7.5

Alta

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Makves DCAP version 3.0.0.122

Description The issue allows unauthenticated attackers to obtain cleartext credentials via a crafted web request to the "product API". This is an access control issue that can be exploited by sending a specifically designed request to the API endpoint.

Recommendations For Makves DCAP version 3.0.0.122, consider restricting access to the product API until a fix is available. As a temporary workaround, limit the exposure of the API to minimize the risk of exploitation.

Correção

Cleartext Storage of Sensitive Information

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-312

Identificadores relacionados

CVE-2023-27243

Produtos afetados

Makves Dcap

PT-2023-21026 · Makves · Makves Dcap

CVE-2023-27243

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 8