PT-2008-1820 · Ge Fanuc · Ge Fanuc Proficy Real-Time Information Portal
Eyal Udassin
·
Published
2008-01-29
·
Updated
2024-02-14
·
CVE-2008-0174
CVSS v2.0
5.0
Medium
| Vector | AV:N/AC:L/Au:N/C:P/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
GE Fanuc Proficy Real-Time Information Portal versions 2.6 and earlier
Description
The issue allows remote attackers to steal passwords and gain privileges due to the use of HTTP Basic Authentication, which transmits usernames and passwords in base64-encoded cleartext.
Recommendations
For GE Fanuc Proficy Real-Time Information Portal versions 2.6 and earlier, consider disabling the use of HTTP Basic Authentication until a more secure authentication method is implemented. Restrict access to sensitive areas of the portal to minimize the risk of exploitation.
Fix
Cleartext Storage of Sensitive Information
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Ge Fanuc Proficy Real-Time Information Portal