PT-2023-21026 · Makves · Makves Dcap

Ilya Kostyulin · Published 2023-06-21 · Updated 2024-12-06 · CVE-2023-27243

CVSS v3.1: 7.5 High

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Makves DCAP version 3.0.0.122

Description

The issue allows unauthenticated attackers to obtain cleartext credentials via a crafted web request to the "product API". This is an access control issue that can be exploited by sending a specially crafted request to the API endpoint.

Recommendations

For Makves DCAP version 3.0.0.122, consider restricting access to the product API until a fix is available. As a temporary workaround, limit the exposure of the API to minimize the risk of exploitation.

Fix

Cleartext Storage of Sensitive Information


Weakness Enumeration

Related Identifiers

CVE-2023-27243

Affected Products

Makves Dcap