PT-2022-3655 · Aethon · Aethon Tug Home Base Server

Published 2022-04-12 · Updated 2023-08-08 · CVE-2022-1070

CVSS v2.0: 10 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Aethon TUG Home Base Server versions prior to version 24

Description

The issue is related to a channel that is accessible by a non-endpoint, potentially allowing a remote attacker to perform a "man-in-the-middle" attack. An unauthenticated attacker can freely access hashed user credentials.

Recommendations

For versions prior to version 24, update to version 24 or later to resolve the issue. As a temporary workaround, consider restricting access to hashed user credentials until a patch is available. Restrict access to the server to minimize the risk of exploitation.

Fix

Missing Authentication

Missing Authorization

Information Disclosure

Weakness Enumeration

Related Identifiers

BDU:2022-04440
CVE-2022-1070

Affected Products

Aethon Tug Home Base Server