CVE-2023-46383

Name of the Vulnerable Software and Affected Versions LOYTEC electronics GmbH LINX Configurator (all versions)

Description The issue concerns the use of HTTP Basic Authentication in the LINX Configurator, which transmits usernames and passwords in base64-encoded cleartext. This allows remote attackers to steal the password and gain full control of the Loytec device configuration.

Recommendations For all versions, consider disabling HTTP Basic Authentication as a temporary workaround until a more secure authentication method is implemented. Restrict access to the LINX Configurator to minimize the risk of exploitation. Avoid using the username and password variables in cleartext until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.