Nepenthe0320

**Name of the Vulnerable Software and Affected Versions** Solar-Log 1000 versions prior to 2.8.2 and build 52-23.04.2013 SL 200 versions prior to 3.0.0-60 SL 500 versions prior to 3.0.0-60 **Description** The issue concerns the storage of plaintext passwords in certain files, specifically export.html, email.html, and sms.html. This affects the ability to secure user credentials properly. **Recommendations** For Solar-Log 1000 versions prior to 2.8.2 and build 52-23.04.2013, update to version 3.0.0-60 or later. For SL 200 and SL 500, update to version 3.0.0-60 or later. As a temporary workaround, consider restricting access to the export.html, email.html, and sms.html files until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Solar-Log 1000 versions prior to v2.8.2 and build 52- 23.04.2013 Solar-Log 250, 300, 1200, 2000, SL 50 Gateway versions prior to 4.2.8 SL Base versions prior to 5.1.2 and 6.0.0 **Description** The issue is related to incorrect access control, allowing attackers to obtain administrative privileges by connecting to the web administration server. This does not affect SL 200, 500, 1000. **Recommendations** For Solar-Log 1000 versions prior to v2.8.2 and build 52- 23.04.2013, update to version v2.8.2 or later. For Solar-Log 250, 300, 1200, 2000, SL 50 Gateway versions prior to 4.2.8, update to version 4.2.8 or later. For SL Base versions prior to 5.1.2 and 6.0.0, update to version 5.1.2 or 6.0.0 or later.