Webserver Exposes User Credentials Due to Basic Authentication and Unencrypted Port 80
CVE-2023-41926
8.8HIGH
What is CVE-2023-41926?
A vulnerability exists in certain webserver products where basic authentication is employed for user login to the configuration interface. The lack of encryption on port 80 allows potential attackers to conduct eavesdropping on the network traffic. This vulnerability raises significant concerns regarding user credential security, as intercepted credentials could be exploited for unauthorized access.
Affected Version(s)
P1/P2 All <= 4.8.2605