CVE-2018-6011

Name of the Vulnerable Software and Affected Versions: Green Electronics RainMachine Mini-8 (2nd generation)

Description: The issue concerns the use of the administrator's password hash instead of the password itself for authentication in the time-based one-time-password (TOTP) function. This allows an attacker who obtains the hash value from the rainmachine-settings.sqlite file to exploit the system for remote and local access.

Recommendations: For Green Electronics RainMachine Mini-8 (2nd generation), consider restricting access to the rainmachine-settings.sqlite file to prevent attackers from obtaining the password hash until a fix is available. As a temporary workaround, changing the administrator's password regularly can help minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.