PT-2023-23694 · Enphase · Enphase Installer Toolkit
Published: 2023-06-20 · Updated: 2023-06-28 · CVE-2023-32274
CVSS v3.1: 8.6 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Enphase Installer Toolkit version 3.27.0
Description
The issue concerns hard-coded credentials embedded in the binary code of the Android application. An attacker can exploit this to gain access to sensitive information.
Recommendations
For Enphase Installer Toolkit version 3.27.0, consider removing or securely storing the hard-coded credentials to prevent unauthorized access. As a temporary workaround, restrict access to sensitive information until a patch is available.
Fix
Using Hardcoded Credentials
Weakness Enumeration
Related Identifiers
Affected Products
Enphase Installer Toolkit