PT-2020-9751 · Comba · Comba Ap2600-I

Published 2020-03-19 · Updated 2021-07-21 · CVE-2019-15653

CVSS v2.0: 5.0 (Medium)
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions: Comba AP2600-I devices through A02,0202N00PD2

Description: The issue allows password disclosure due to an insecure authentication mechanism. The HTML source code of the login page contains values that can be used to obtain the username and password. Each value is a double MD5 hash of the real plaintext value, calculated as md5(md5(value)).

Recommendations: For Comba AP2600-I devices through A02,0202N00PD2, consider changing the authentication mechanism to a more secure method to prevent password disclosure. As a temporary workaround, restrict access to the login page to minimize the risk of exploitation.
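
An operator can confirm whether a device or a firmware update still exposes these values by checking the served login page against the credentials they already know. The following is an added example, not code from the advisory or the vendor; the hidden field names, the sample pages and the inner-digest encodings it tries are assumptions.

```python
import hashlib
import re

# A standalone run of exactly 32 hex characters (the size of an MD5 digest).
HEX32 = re.compile(r"(?<![0-9a-fA-F])[0-9a-fA-F]{32}(?![0-9a-fA-F])")

def double_md5_variants(value: str) -> set:
    # The advisory gives md5(md5(value)) but not the inner encoding, so cover
    # the plausible ones (assumption): lowercase hex, uppercase hex, raw bytes.
    inner = hashlib.md5(value.encode("utf-8"))
    hexed = inner.hexdigest()
    candidates = (hexed.encode(), hexed.upper().encode(), inner.digest())
    return {hashlib.md5(c).hexdigest() for c in candidates}

def audit_login_page(html: str, username: str, password: str) -> dict:
    """Check a served login page for double-MD5 forms of the operator's own
    credentials; also list other 32-hex tokens for manual review."""
    found = {m.lower() for m in HEX32.findall(html)}
    creds = {"username": username, "password": password}
    leaked = {k: bool(double_md5_variants(v) & found) for k, v in creds.items()}
    known = set().union(*(double_md5_variants(v) for v in creds.values()))
    return {"leaked": leaked, "unexplained_hex32": sorted(found - known)}

def build_sample_page(username: str, password: str) -> str:
    # Constructed page imitating the flaw; field names are hypothetical.
    def h(v):
        return hashlib.md5(hashlib.md5(v.encode()).hexdigest().encode()).hexdigest()
    return ('<form><input type="hidden" name="u_hash" value="%s">'
            '<input type="hidden" name="p_hash" value="%s"></form>'
            % (h(username), h(password)))

# Constructed page that embeds only an unrelated session token.
CLEAN_PAGE = ('<form><input type="hidden" name="csrf" '
              'value="0123456789abcdef0123456789ABCDEF"></form>')

if __name__ == "__main__":
    page = build_sample_page("admin", "Example-Passw0rd")
    print(audit_login_page(page, "admin", "Example-Passw0rd"))
    print(audit_login_page(CLEAN_PAGE, "admin", "Example-Passw0rd"))
```

A page that passes this check can still list tokens under `unexplained_hex32`; those need a manual look to confirm they are session or CSRF values rather than credential-derived material.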

Exploit

Fix

Missing Encryption of Sensitive Data

Insufficiently Protected Credentials

Use of a Broken Cryptographic Algorithm

Weakness Enumeration

Related Identifiers

CVE-2019-15653

Affected Products

Comba Ap2600-I