Loytec Use of Hard-coded Password Authentication Bypass Vulnerability
2023-11-27
| CVE ID | CVE-2023-46388 |
|---|---|
| Severity | High |
| Affected Vendors | LOYTEC electronics GmbH |
| Affected Products | LINX-151 (firmware 7.2.4), LINX-212 (firmware 6.2.4) |
| Vulnerability Details | The ‘dpal_config.wbx’ file contains hard-coded clear-text credentials for the SMTP client account. If an attacker succeeds in obtaining the dpal_config.zml file, the email account could be compromised. The password should be encrypted. |
| Solutions & Rules | N/A |
| Credit | Chizuru Toyama of TXOne Networks |