Описание
An Information Exposure issue was discovered in ProMinent MultiFLEX M10a Controller web interface. When an authenticated user uses the Change Password feature on the application, the current password for the user is specified in plaintext. This may allow an attacker who has been authenticated to gain access to the password.
Ссылки
- Third Party AdvisoryVDB Entry
- MitigationThird Party AdvisoryUS Government Resource
- Third Party AdvisoryVDB Entry
- MitigationThird Party AdvisoryUS Government Resource
Уязвимые конфигурации
Конфигурация 1
Одновременно
cpe:2.3:o:prominent:multiflex_m10a_controller_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:prominent:multiflex_m10a_controller:-:*:*:*:*:*:*:*
EPSS
Процентиль: 49%
0.00256
Низкий
6.5 Medium
CVSS3
4 Medium
CVSS2
Дефекты
CWE-200
CWE-319
Связанные уязвимости
CVSS3: 6.5
github
больше 3 лет назад
An Information Exposure issue was discovered in ProMinent MultiFLEX M10a Controller web interface. When an authenticated user uses the Change Password feature on the application, the current password for the user is specified in plaintext. This may allow an attacker who has been authenticated to gain access to the password.
EPSS
Процентиль: 49%
0.00256
Низкий
6.5 Medium
CVSS3
4 Medium
CVSS2
Дефекты
CWE-200
CWE-319