Описание
Azure IoT Explorer Information Disclosure Vulnerability
Cleartext transmission of sensitive information in Azure IoT Explorer allows an unauthorized attacker to disclose information over a network.
FAQ
What type of information could be disclosed by this vulnerability?
This vulnerability could allow an attacker on the same network to view sensitive data sent through the application’s unencrypted HTTP connection. Depending on how the application is used, this may include device connection information, authentication tokens, request data, file paths, and other information transmitted between the application and the IoT Hub. An attacker who intercepts this data may also be able to obtain device connection strings that could allow them to impersonate a device in the customer’s IoT environment.
Обновления
| Продукт | Статья | Обновление |
|---|---|---|
| Azure IoT Explorer |
Показывать по
Возможность эксплуатации
Publicly Disclosed
Exploited
Latest Software Release
EPSS
7.5 High
CVSS3
Связанные уязвимости
Cleartext transmission of sensitive information in Azure IoT Explorer allows an unauthorized attacker to disclose information over a network.
Cleartext transmission of sensitive information in Azure IoT Explorer allows an unauthorized attacker to disclose information over a network.
Уязвимость программного обеспечения Azure IoT Explorer, связанная с передачей критичной информации открытым текстом, позволяющая нарушителю раскрыть защищаемую информацию
EPSS
7.5 High
CVSS3