PT-2014-2944 · Thecus · Thecus Nas Server N8800
David Stubley
·
Published
2014-01-24
·
Updated
2014-01-24
·
CVE-2013-5669
CVSS v2.0
7.8
High
| Vector | AV:N/AC:L/Au:N/C:C/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Thecus NAS server N8800 version 5.03.01
Description
The issue concerns the use of cleartext credentials for administrative authentication. This allows remote attackers to obtain sensitive information by sniffing the network.
Recommendations
For Thecus NAS server N8800 version 5.03.01, consider updating the firmware to a version that uses encrypted credentials for administrative authentication. As a temporary workaround, restrict access to the administrative interface to minimize the risk of exploitation.
Exploit
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Thecus Nas Server N8800