CVE-2023-0452

Name of the Vulnerable Software and Affected Versions Econolite EOS versions prior to 3.2.23

Description The issue concerns the use of a weak hash algorithm for encrypting privileged user credentials. A configuration file, accessible without authentication, utilizes MD5 hashes for credential encryption, including those of administrators and technicians.

Recommendations For versions prior to 3.2.23, update to version 3.2.23 or later to resolve the issue. As a temporary workaround, consider restricting access to the configuration file to minimize the risk of exploitation. Avoid using the MD5 hash algorithm for encrypting credentials until the issue is resolved.