Storing Passwords in a Recoverable Format
CVE-2023-31150
8HIGH
Key Information:
- Vendor
- CVE Published:
- 10 May 2023
What is CVE-2023-31150?
A vulnerability has been identified in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) database system, which involves the insecure storage of passwords in a format that is recoverable by authenticated attackers. This flaw poses a significant security risk, as it can potentially allow unauthorized access to sensitive information and control over automated systems. The issue is documented in SEL Service Bulletin dated November 15, 2022. Organizations using SEL RTAC should review their password storage practices to mitigate this risk.
Affected Version(s)
SEL-2241 RTAC module Linux R122-V0
SEL-2241 RTAC module Linux R122-V0
SEL-2241 RTAC module Linux R122-V0