Loytec LINX Configurator Use of Hard-coded Password Authentication Bypass Vulnerability
2023-11-27
| CVE ID | CVE-2023-46384 |
|---|---|
| Severity | High |
| Affected Vendors | LOYTEC electronics GmbH |
| Affected Products | LINX Configurator 7.4.10 |
| Vulnerability Details | Following registry key contains hard-coded clear text admin password for recently connected Loytec device. (password cache) If an attacker succeeds in getting this registry key value, attackers could connect and control Loytec devices via LINX configurator.
Key: Computer\HKEY_CURRENT_USER\SOFTWARE\LOYTEC\LOYTEC LINX Configurator\OhioIni |
| Solutions & Rules | N/A |
| Credit | Chizuru Toyama of TXOne Networks |