PT-2017-9638 · Lynxspring · Lynxspring Jenesys Bas Bridge
Maxim Rupp
·
Published
2017-02-13
·
Updated
2017-02-17
·
CVE-2016-8361
CVSS v3.1
8.6
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L |
Name of the Vulnerable Software and Affected Versions
Lynxspring JENEsys BAS Bridge versions 1.1.8 and older
Description
An issue was discovered in the application where it uses a hard-coded username with no password, allowing an attacker to access the system without authentication.
Recommendations
For versions 1.1.8 and older, consider changing the hard-coded username and implementing a secure password to prevent unauthorized access. As a temporary workaround, restrict access to the system to minimize the risk of exploitation.
Fix
Using Hardcoded Credentials
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Lynxspring Jenesys Bas Bridge