PT-2023-26095 · Unknown · I-Doit Open+1
Published
2023-09-09
·
Updated
2023-09-19
·
CVE-2023-37755
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
i-doit pro versions 25 and below
I-doit open versions 25 and below
Description
The software is configured with insecure default administrator credentials, and there is no warning or prompt to ask users to change the default password and account name. Unauthenticated attackers can exploit this to obtain Administrator privileges, resulting in them being able to perform arbitrary system operations or cause a Denial of Service (DoS).
Recommendations
For i-doit pro versions 25 and below, change the default administrator credentials immediately.
For I-doit open versions 25 and below, change the default administrator credentials immediately.
As a temporary workaround, consider restricting access to the administrator account until the issue is resolved.
Exploit
Fix
Using Hardcoded Credentials
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
I-Doit Open
I-Doit Pro