Insecure Password Storage Vulnerability on MOXA EDS-G512E Devices
CVE-2017-13701

9.8CRITICAL

Key Information:

Vendor: Moxa
Status: Eds-g512e Firmware
Vendor: CVE Published:; 23 November 2017

Summary

A security issue has been identified in MOXA EDS-G512E devices, specifically in version 5.1 build 16072215, where the backup file exposes sensitive information inadequately. The implementation lacks proper salting for password hashing, resulting in passwords stored in plain text without encryption. This flaw poses significant risks to security, as attackers could easily access credentials stored in these backups, underscoring the necessity for robust password protection measures.

References

https://www.sentryo.net/wp-content/uploads/2017/11/Switch...

x_refsource_MISC

http://www.securityfocus.com/bid/101966

vdb-entryx_refsource_BID

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 23, 2017
Vulnerability Reserved
Aug 25, 2017