PTC Vuforia Studio Insufficiently Protected Credentials
CVE-2023-29168
7.5HIGH
What is CVE-2023-29168?
The Vuforia web application by PTC has a significant security flaw due to the absence of HTTPS support. This vulnerability allows the transmission of federated credentials using basic authentication, which could lead to unauthorized access and exposure of sensitive user information. Without encrypted communication, these credentials can be intercepted, putting users at risk. Organizations using Vuforia should take immediate action to address this vulnerability and secure their applications.
Affected Version(s)
Vuforia Studio 0 < 9.9
References
CVSS V3.1
Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Lockheed Martin—Red Team reported these vulnerabilities to PTC.