Cleartext Password Exposure in Eaton UPS 9PX 8000 SP Devices
CVE-2018-9279

4.9MEDIUM

Key Information:

Vendor
Eaton
Status
9px Ups Firmware
Vendor
CVE Published:
24 October 2018

Summary

Eaton UPS 9PX 8000 SP devices contain a significant security flaw where user passwords are revealed in cleartext through the web interface. This vulnerability arises because the source code of the displayed webpage leaks sensitive information, allowing unauthorized individuals to retrieve passwords easily by viewing the page's source. As a result, users are at risk of unauthorized access and potential exploitation, highlighting the urgent need for security enhancements to protect user credentials.

References

https://www.bishopfox.com/news/2018/10/eaton-ups-9px-8000...
x_refsource_MISC

CVSS V3.1

Score:
4.9
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2018-9279 : Cleartext Password Exposure in Eaton UPS 9PX 8000 SP Devices | SecurityVulnerability.io