PT-2023-3037 · Honeywell · Honeywell Onewireless
Published
2023-05-30
·
Updated
2023-06-06
·
CVE-2022-43485
CVSS v2.0
6.8
Medium
| Vector | AV:N/AC:L/Au:S/C:C/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Honeywell OneWireless version 322.1
Description
The issue is related to the use of insufficiently random values in Honeywell OneWireless, which may allow a remote attacker to manipulate claims in a client's JWT token, potentially gaining access to confidential information.
Recommendations
For Honeywell OneWireless version 322.1, update to a version that addresses the use of insufficiently random values to prevent potential manipulation of client JWT tokens.
Fix
Use of Insufficiently Random Values
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Honeywell Onewireless