CVE-2020-25754

Name of the Vulnerable Software and Affected Versions: Enphase Envoy versions R3.x and D4.x

Description: A custom PAM module for user authentication in Enphase Envoy devices bypasses traditional authentication methods. This module generates a password from the MD5 hash of the username and serial number. The serial number can be obtained by an unauthenticated user through the "/info.xml" API endpoint. Additionally, attempts to change the user password using tools like passwd have no effect.

Recommendations: For Enphase Envoy versions R3.x and D4.x, as a temporary workaround, consider restricting access to the "/info.xml" API endpoint to prevent unauthenticated users from retrieving the serial number. Avoid using the custom PAM module for user authentication until a proper fix is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.