CVE-2020-35586

Name of the Vulnerable Software and Affected Versions Solstice Pod versions prior to 3.3.0 Solstice Pod version Open4.3

Description The issue allows the Administrator password to be enumerated using brute-force attacks via the "/Config/service/initModel?password=" Solstice Open Control API. This is possible because there is no complexity requirement for the password, meaning it could be all digits or all lowercase letters.

Recommendations For Solstice Pod versions prior to 3.3.0, update to version 3.3.0 or later to resolve the issue. For Solstice Pod version Open4.3, update to a version that includes the necessary security fixes. As a temporary workaround, consider restricting access to the "/Config/service/initModel?password=" API endpoint to minimize the risk of exploitation.