CVE-2023-0451

Name of the Vulnerable Software and Affected Versions Econolite EOS versions prior to 3.2.23

Description The issue concerns a lack of password requirement for gaining "READONLY" access to log files and certain database and configuration files. One such file contains tables with MD5 hashes and usernames for all defined users in the control software, including administrators and technicians.

Recommendations For Econolite EOS versions prior to 3.2.23, update to version 3.2.23 or later to resolve the issue. As a temporary workaround, consider restricting access to the log files and certain database and configuration files to minimize the risk of exploitation.