Webserver Exposes User Credentials Due to Basic Authentication and Unencrypted Port 80
CVE-2023-41926

8.8HIGH

Key Information:

Vendor: Kiloview
Status: P1/p2
Vendor: CVE Published:; 2 July 2024

What is CVE-2023-41926?

A vulnerability exists in certain webserver products where basic authentication is employed for user login to the configuration interface. The lack of encryption on port 80 allows potential attackers to conduct eavesdropping on the network traffic. This vulnerability raises significant concerns regarding user credential security, as intercepted credentials could be exploited for unauthorized access.

Affected Version(s)

P1/P2 All <= 4.8.2605

References

https://advisories.ncsc.nl/advisory?id=NCSC-2024-0273

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Jul 2, 2024
Vulnerability Reserved
Sep 5, 2023

JSON

Kiloview

What is CVE-2023-41926?

Affected Version(s)

References

CVSS V3.1

Timeline