PT-2022-24114 · Unknown · Bilde2910 Hauk
Published: 2022-09-08 · Updated: 2023-08-08 · CVE-2022-37857
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
bilde2910 Hauk version 1.6.1
Description
bilde2910 Hauk uses a hardcoded password that is blank by default. The password is stored as a hash in the config.php file on the server and in cleartext on the Android client device.
Recommendations
For version 1.6.1, consider changing the hardcoded password to a unique and secure value, and ensure it is not stored in clear-text on client devices. As a temporary workaround, restrict access to the config.php file to minimize the risk of exploitation.
Fix
Using Hardcoded Credentials
Cleartext Storage of Sensitive Information
Related Identifiers
Affected Products
Bilde2910 Hauk