CVE-2023-50894

Name of the Vulnerable Software and Affected Versions Janitza GridVis versions 9.0.66 and earlier

Description The issue concerns the use of hard-coded credentials in the de.janitza.pasw.feature.impl.activators.PasswordEncryption password encryption function. This allows remote authenticated administrative users to discover cleartext database credentials contained in error report information.

Recommendations For Janitza GridVis versions 9.0.66 and earlier, consider disabling the de.janitza.pasw.feature.impl.activators.PasswordEncryption function until a patch is available to prevent the exposure of cleartext database credentials. Restrict access to error report information to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.