CVE-2016-10512

Name of the Vulnerable Software and Affected Versions MultiTech FaxFinder versions prior to 4.1.2

Description The issue is related to the storage of passwords in unencrypted form for the test connectivity function of the LDAP configuration. These credentials are retrieved when the LDAP configuration page is opened and are embedded directly into the HTML source code in cleartext. This could allow a remote attacker to impact the confidentiality, integrity, and availability of data using the LDAP configuration page, such as /system configuration/ldap.

Recommendations For versions prior to 4.1.2, update to version 4.1.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the LDAP configuration page to minimize the risk of exploitation. Avoid using the cleartext credentials in the HTML source code until the issue is resolved.