PT-2023-20655 · Unknown · Thingsboard
Published: 2023-02-23 · Updated: 2023-08-29 · CVE-2023-26462
CVSS v3.1: 8.1 (High)
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
ThingsBoard version 3.4.1
Description
The issue allows a remote attacker to gain elevated privileges due to hard-coded service credentials being stored in an insecure format. To exploit this, an attacker would need access to the application server or its source code.
Recommendations
For ThingsBoard version 3.4.1, consider removing or securely storing the hard-coded service credentials to prevent privilege escalation. As a temporary workaround, restrict access to the application server and its source code to minimize the risk of exploitation.
Fix
Using Hardcoded Credentials
Weakness Enumeration
Related Identifiers
Affected Products
Thingsboard