Описание
Econolite EOS versions prior to 3.2.23 use a weak hash algorithm for encrypting privileged user credentials. A configuration file that is accessible without authentication uses MD5 hashes for encrypting credentials, including those of administrators and technicians.
Ссылки
- Third Party AdvisoryUS Government Resource
- Third Party AdvisoryUS Government Resource
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:econolite:eos:*:*:*:*:*:*:*:*
EPSS
Процентиль: 27%
0.00095
Низкий
9.8 Critical
CVSS3
5.3 Medium
CVSS3
Дефекты
CWE-328
CWE-327
Связанные уязвимости
CVSS3: 5.3
github
около 3 лет назад
All versions of Econolite EOS traffic control software are vulnerable to CWE-328: Use of Weak Hash, and use a weak hash algorithm for encrypting privileged user credentials. A configuration file that is accessible without authentication uses MD5 hashes for encrypting credentials, including those of administrators and technicians.
EPSS
Процентиль: 27%
0.00095
Низкий
9.8 Critical
CVSS3
5.3 Medium
CVSS3
Дефекты
CWE-328
CWE-327