PT-2024-36224 · Campbell Scientific · Campbell Scientific Csi Web Server
Donald Macary
+2
·
Published
2024-05-28
·
Updated
2024-05-29
·
CVE-2024-5434
CVSS v4.0
6.9
Medium
| Vector | AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N |
Name of the Vulnerable Software and Affected Versions:
Campbell Scientific CSI Web Server (affected versions not specified)
Description:
The issue concerns the storage of web authentication credentials in a file with a specific name. The passwords in this file are stored in a weakly encoded format, which could be decoded if an attacker gains access to the file. Although there is no known method for remote access to the file unless it has been manually renamed, gaining access to the file could allow an attacker to decode the passwords and reuse them to gain unauthorized access.
Recommendations:
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Campbell Scientific Csi Web Server