PT-2021-20539 · Unknown · Solar-Log 500+2
Published
2021-12-07
·
Updated
2024-11-11
·
CVE-2021-34544
CVSS v3.1
6.5
Medium
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions:
Solar-Log 500 versions prior to 2.8.2 Build 52 23.04.2013
Solar-Log 200 versions prior to 3.0.0-60 11.10.2013
Solar-Log 1000 versions prior to 3.0.0-60 11.10.2013
Description:
An issue was discovered in the affected software where cleartext passwords are stored in
/export.html, email.html, and sms.html. This may allow sensitive information to be read by someone with access to the device.Recommendations:
For Solar-Log 500 versions prior to 2.8.2 Build 52 23.04.2013, update to version 3.0.0-60 or later.
For Solar-Log 200 versions prior to 3.0.0-60 11.10.2013, update to version 3.0.0-60 or later.
For Solar-Log 1000 versions prior to 3.0.0-60 11.10.2013, update to version 3.0.0-60 or later.
As a temporary workaround, consider restricting access to the
/export.html, email.html, and sms.html pages until a patch is available.Exploit
Fix
Cleartext Storage of Sensitive Information
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Solar-Log 1000
Solar-Log 200
Solar-Log 500