Aethon · Aethon TUG Home Base Server · CVE-2022-1066
**Name of the Vulnerable Software and Affected Versions**
Aethon TUG Home Base Server versions prior to version 24
**Description**
The issue stems from weaknesses in the server's authorization procedure. A remote attacker can exploit these weaknesses, potentially allowing them to add and remove arbitrary users. An unauthenticated attacker can also freely access hashed user credentials.
**Recommendations**
If you are running a version prior to version 24, update to version 24 or later to resolve the issue. As a temporary workaround, consider restricting access to the server to minimize the risk of exploitation. Avoid using the server for sensitive operations until the issue is resolved.