PT-2020-8135 · Hunesion · Hunesion I-Onenet
Published
2020-02-27
·
Updated
2024-02-14
·
CVE-2017-16900
CVSS v3.1
5.5
Medium
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions:
Hunesion i-oneNet version 3.0.6042.1200
Description:
The issue allows a local user to access other users' information without authorization through brute force. This is due to incorrect access control in the software.
Recommendations:
For Hunesion i-oneNet version 3.0.6042.1200, consider restricting access to sensitive information and implementing additional security measures to prevent brute force attacks until a patch is available. As a temporary workaround, limit local user privileges to minimize the risk of unauthorized access.
Exploit
Fix
Improper Restriction of Excessive Authentication Attempts
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Hunesion I-Onenet