CVE-2018-5266

Name of the Vulnerable Software and Affected Versions Cobham Sea Tel 121 build 222701

Description The issue allows remote attackers to obtain potentially sensitive information about valid usernames by reading the loginName lines at the "js/userLogin.js" URI. Default passwords for standard usernames are listed in the product's documentation, including Dealer with password seatel3, SysAdmin with password seatel2, and User with password seatel1.

Recommendations For Cobham Sea Tel 121 build 222701, consider changing the default passwords for the standard usernames to strong, unique passwords to minimize the risk of exploitation. As a temporary workaround, restrict access to the "js/userLogin.js" URI to prevent unauthorized users from reading sensitive information.