CVE-2024-12012

Name of the Vulnerable Software and Affected Versions 130.8005 TCP/IP Gateway version 12h

Description A CWE-598 issue was discovered where the SHA-1 hash of the password and session tokens are included as part of the URL, exposing them to information leakage scenarios. An attacker capable of accessing such values can exploit this to leak the password hash and session tokens, bypassing the authentication mechanism using a pass-the-hash attack.

Recommendations For version 12h, consider disabling the use of GET request methods with sensitive query strings until a patch is available. Restrict access to sensitive information and session tokens to minimize the risk of exploitation. Avoid using the password and session token variables in URLs to prevent information leakage. At the moment, there is no information about a newer version that contains a fix for this vulnerability.