PT-2022-13019 · Mirupass · Mirupass Pw20+1
Taizoh Tsukamoto
·
Published
2022-01-17
·
Updated
2022-01-26
·
CVE-2022-0183
CVSS v2.0
2.1
Low
| Vector | AV:L/AC:L/Au:N/C:P/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
MIRUPASS PW10 firmware all versions
MIRUPASS PW20 firmware all versions
Description
The issue concerns a missing encryption of sensitive data, allowing an attacker with physical access to the device to obtain stored passwords.
Recommendations
For MIRUPASS PW10 firmware, consider implementing additional security measures to protect stored passwords until a fix is available.
For MIRUPASS PW20 firmware, restrict physical access to the device to minimize the risk of exploitation.
As a temporary workaround, consider using alternative password storage methods that provide encryption until the issue is resolved.
Fix
Missing Encryption of Sensitive Data
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Mirupass Pw10
Mirupass Pw20