PT-2023-29993 · Loytec Electronics Gmbh · Linx Configurator

Chizuru Toyama

Publicado

2023-11-30

Atualizado

2024-09-20

CVE-2023-46384

CVSS v3.1

7.5

Alta

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions LOYTEC electronics GmbH LINX Configurator (all versions)

Description The issue concerns insecure permissions in the LINX Configurator, where credentials are stored in cleartext. This allows remote attackers to disclose the admin password and bypass authentication to login to the Loytec device.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Cleartext Storage of Sensitive Information

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-312

Identificadores relacionados

CVE-2023-46384

Produtos afetados

Linx Configurator

PT-2023-29993 · Loytec Electronics Gmbh · Linx Configurator

CVE-2023-46384

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 10