PT-2011-1359 · Polyvision · Polyvision Roomwizard

Published

2011-01-12

·

Updated

2017-08-17

·

CVE-2010-0214

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N
Name of the Vulnerable Software and Affected Versions

PolyVision RoomWizard version 3.2.3

Description

The administrative interface of PolyVision RoomWizard 3.2.3 places the Sync Connector Active Directory credentials into a web form that is served over plain HTTP on port 80. A remote attacker who can reach the interface can obtain these credentials by viewing the HTML source of the page at the /admin/sign/DeviceSynch URI, and because the transport is unencrypted the same values can also be read by anyone able to observe the traffic.

Recommendations

For PolyVision RoomWizard 3.2.3, disable access to the /admin/sign/DeviceSynch URI until the vendor provides a way to store and edit the Sync Connector credentials without echoing them back into the page. Restrict the administrative interface to trusted hosts or an isolated management network, and serve it over HTTPS rather than HTTP. If the interface was reachable by untrusted parties, treat the Sync Connector account as exposed: change its password and make sure the account holds only the Active Directory permissions the connector needs.
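The weakness class described above (a stored secret written back into a form's value attribute on a page served over HTTP) can be checked for with a small script. The following is an added example, not PolyVision's code or part of this advisory; the field names, the sample HTML and the host name are constructed, since the real RoomWizard form layout is not documented here.

```python
"""Check an admin page for a secret echoed into an HTML form.

Added example, not PolyVision code. The field names, host name and
sample HTML are constructed; the real RoomWizard form is not shown here.
"""
from html.parser import HTMLParser
from urllib.parse import urlparse
import urllib.request

# Name fragments that suggest a field holds a secret (heuristic, assumption).
SECRET_HINTS = ("pass", "pwd", "secret")


class PrefilledSecretFinder(HTMLParser):
    """Collect <input> elements whose value attribute is pre-filled and whose
    type or name indicates a secret, i.e. the pattern behind CVE-2010-0214."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() != "input":
            return
        a = {k.lower(): (v or "") for k, v in attrs}
        name = a.get("name", "")
        itype = a.get("type", "text").lower()
        value = a.get("value", "")
        if not value:
            return
        if itype == "password" or any(h in name.lower() for h in SECRET_HINTS):
            self.findings.append({"name": name, "type": itype, "value": value})


def find_prefilled_secrets(html):
    """Return the inputs that echo a secret into the page source."""
    finder = PrefilledSecretFinder()
    finder.feed(html)
    return finder.findings


def assess_page(url, html):
    """Combine the transport check with the form check; returns issue strings."""
    issues = []
    if urlparse(url).scheme.lower() == "http":
        issues.append("cleartext transport: %s" % url)
    for f in find_prefilled_secrets(html):
        issues.append("field %r (type=%s) is pre-filled with a secret" % (f["name"], f["type"]))
    return issues


def fetch_and_assess(url, timeout=10):
    """Fetch a live page (not exercised here) and run the same checks on it."""
    with urllib.request.urlopen(url, timeout=timeout) as resp:
        charset = resp.headers.get_content_charset() or "utf-8"
        body = resp.read().decode(charset, "replace")
    return assess_page(url, body)


# Constructed sample: a settings form that stores the AD account and writes
# the stored password straight back into the page.
VULNERABLE_FORM = """<form method="post" action="/admin/sign/DeviceSynch">
  <input type="text" name="adUser" value="CORP\\roomsync">
  <input type="password" name="adPassword" value="S3cret!Pass">
  <input type="submit" value="Save">
</form>"""

# Constructed hardened variant: the server keeps the secret and the form only
# signals that one is set; an empty field means "leave unchanged".
HARDENED_FORM = """<form method="post" action="/admin/sign/DeviceSynch">
  <input type="text" name="adUser" value="CORP\\roomsync">
  <input type="password" name="adPassword" value="" placeholder="(unchanged)">
  <input type="submit" value="Save">
</form>"""

if __name__ == "__main__":
    # Hypothetical host; in practice pass the real admin URL to fetch_and_assess.
    for issue in assess_page("http://roomwizard.example/admin/sign/DeviceSynch", VULNERABLE_FORM):
        print(issue)
```

The hardened variant shows the fix the recommendations ask for on the application side: the password is never serialised into the response, so viewing the source (or capturing the HTTP response) yields nothing. The transport check is separate on purpose, since moving the page to HTTPS alone would still leave the secret readable by anyone who can log in or otherwise load the page.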

Information Disclosure

Weakness Enumeration

Related Identifiers

CVE-2010-0214

Affected Products

Polyvision Roomwizard