Описание
MultiTech FaxFinder before 4.1.2 stores Passwords unencrypted for maintaining the test connectivity function of its LDAP configuration. These credentials are retrieved by the system when the LDAP configuration page is opened and are embedded directly into the HTML source code in cleartext.
Ссылки
- https://packetstormsecurity.com/files/139844/Multitech-RightFax-Faxfinder-Credential-Disclosure.htmlThird Party AdvisoryVDB Entry
- https://packetstormsecurity.com/files/139844/Multitech-RightFax-Faxfinder-Credential-Disclosure.htmlThird Party AdvisoryVDB Entry
Уязвимые конфигурации
EPSS
9.8 Critical
CVSS3
10 Critical
CVSS2
Дефекты
Связанные уязвимости
MultiTech FaxFinder before 4.1.2 stores Passwords unencrypted for maintaining the test connectivity function of its LDAP configuration. These credentials are retrieved by the system when the LDAP configuration page is opened and are embedded directly into the HTML source code in cleartext.
Уязвимость факс-сервера FaxFinder, связанная с ошибками управления регистрационными данными, позволяющая нарушителю воздействовать на конфиденциальность, целостность и доступность данных
EPSS
9.8 Critical
CVSS3
10 Critical
CVSS2