LOYTEC electronics GmbH LINX Configurator (all versions) uses HTTP Basic Authentication, which transmits usernames and passwords in base64-encoded cleartext and allows remote attackers to steal the password and gain full control of Loytec device configuration.
References
Configurations
History
21 Nov 2024, 08:28
Type | Values Removed | Values Added |
---|---|---|
References | () https://packetstormsecurity.com/files/175951/Loytec-LINX-Configurator-7.4.10-Insecure-Transit-Cleartext-Secrets.html - Third Party Advisory, VDB Entry | |
References | () https://seclists.org/fulldisclosure/2023/Nov/6 - Mailing List, Third Party Advisory | |
References | () https://www.txone.com/blog/ten-unpatched-vulnerabilities-in-building-automation-products-identified-by-txone-networks/ - |
20 Sep 2024, 17:15
Type | Values Removed | Values Added |
---|---|---|
Summary | (en) LOYTEC electronics GmbH LINX Configurator (all versions) uses HTTP Basic Authentication, which transmits usernames and passwords in base64-encoded cleartext and allows remote attackers to steal the password and gain full control of Loytec device configuration. | |
References |
|
14 Dec 2023, 08:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
06 Dec 2023, 18:47
Type | Values Removed | Values Added |
---|---|---|
References | () https://seclists.org/fulldisclosure/2023/Nov/6 - Mailing List, Third Party Advisory | |
References | () https://packetstormsecurity.com/files/175951/Loytec-LINX-Configurator-7.4.10-Insecure-Transit-Cleartext-Secrets.html - Third Party Advisory, VDB Entry | |
CWE | CWE-319 | |
CPE | cpe:2.3:a:loytec:l-inx_configurator:7.4.10:*:*:*:*:*:*:* | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.5 |
First Time |
Loytec
Loytec l-inx Configurator |
30 Nov 2023, 23:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-11-30 23:15
Updated : 2024-11-21 08:28
NVD link : CVE-2023-46383
Mitre link : CVE-2023-46383
CVE.ORG link : CVE-2023-46383
JSON object : View
Products Affected
loytec
- l-inx_configurator
CWE
CWE-319
Cleartext Transmission of Sensitive Information