Cleartext Password Storage Vulnerability in IniNet Embedded Web Server for Windows CE
CVE-2015-1005

Currently unrated

Key Information:

Vendor: Ininet Solutions
Status: Scada Web Server
Vendor: CVE Published:; 25 October 2015

🔔 Create Ininet Solutions Vulnerability Alert

What is CVE-2015-1005?

The IniNet Embedded Web Server (eWebServer) prior to version 2.02 for Windows CE suffers from a security flaw where passwords are stored in cleartext. This design oversight permits attackers to exploit the vulnerability, gaining access to sensitive information by leveraging specific attack vectors. Proper implementation of secure password storage measures is essential to mitigate the potential risks associated with this vulnerability.

References

https://ics-cert.us-cert.gov/advisories/ICSA-15-293-01

x_refsource_MISC

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 25, 2015
Vulnerability Reserved
Jan 10, 2015