Webserver Exposes User Credentials Due to Basic Authentication and Unencrypted Port 80
CVE-2023-41926

8.8 HIGH

Key Information:

Vendor

Kiloview

Status
Vendor
CVE Published: 2 July 2024

What is CVE-2023-41926?

A vulnerability exists in certain webserver products that use basic authentication for user login to the configuration interface. Because the interface is served over unencrypted port 80, an attacker who can observe the network traffic can eavesdrop on it and intercept user credentials. The intercepted credentials can then be used for unauthorized access.

Affected Version(s)

P1/P2 All <= 4.8.2605

CVSS V3.1

Score: 8.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
