Makves · Makves DCAP · CVE-2023-27243
**Name of the Vulnerable Software and Affected Versions**
Makves DCAP version 3.0.0.122
**Description**
The issue allows unauthenticated attackers to obtain cleartext credentials via a crafted web request to the "product API". This is an access control issue, exploitable by sending a specially crafted request to the API endpoint.
**Recommendations**
For Makves DCAP version 3.0.0.122, consider restricting access to the product API until a fix is available. As a temporary workaround, limit the exposure of the API to minimize the risk of exploitation.