Description
bilde2910 Hauk v1.6.1 requires a hardcoded password which by default is blank. This hardcoded password is hashed but stored within the config.php file server-side as well as in clear-text on the android client device by default.
References
- https://gainsec.com/2022/08/07/cve-2022-hardcoded-creds-weak-password-hauk-android-location-sharing/ (Third Party Advisory)
- Issue Tracking, Third Party Advisory
Vulnerable configurations
Configuration 1
cpe:2.3:a:hauk_project:hauk:1.6.1:*:*:*:*:*:*:*
EPSS: 0.00104 (Low), percentile: 29%
CVSS3: 7.5 High
Weaknesses
CWE-312
Related vulnerabilities
CVSS3: 7.5
github
more than 3 years ago
bilde2910 Hauk v1.6.1 requires a hardcoded password which by default is blank. This hardcoded password is hashed but stored within the config.php file server-side as well as in clear-text on the android client device by default.