Loytec LINX Configurator Cleartext Transmission of Sensitive Information Vulnerability



CVE ID: CVE-2023-46385
Severity: High
Affected Vendors: LOYTEC electronics GmbH
Affected Products: LINX Configurator 7.4.10
Vulnerability Details: When Loytec LINX Configurator connects to a device, it sends an HTTP GET request to log in. Because the cleartext password is passed in the URL parameter “password” without sufficient protection, anyone who sniffs the network traffic could easily steal the credentials. Once they have obtained the admin password, attackers could connect to and control Loytec devices via LINX Configurator.
Solutions & Rules: N/A
Credit: Chizuru Toyama of TXOne Networks
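
A defender's check for the exposure described under Vulnerability Details, as an added example that is not part of the original advisory or of any LOYTEC or TXOne tooling: it scans captured request lines for cleartext HTTP requests that carry a `password` URL parameter and redacts the value before reporting. The addresses, request paths and the `user` parameter are constructed; only the `password` parameter name comes from the advisory.

```python
from urllib.parse import urlsplit, parse_qsl, urlencode

# Parameter name taken from the advisory; matched case-insensitively (assumption).
SENSITIVE_PARAMS = {"password"}

# Constructed sample capture: (source, destination, scheme, HTTP request line).
# Addresses and paths are hypothetical, not taken from the product.
SAMPLE_REQUESTS = [
    ("10.0.0.5", "10.0.0.20", "http", "GET /login?user=admin&password=Example123 HTTP/1.1"),
    ("10.0.0.5", "10.0.0.20", "http", "GET /status?page=1 HTTP/1.1"),
    ("10.0.0.7", "10.0.0.20", "http", "GET /login?user=op&PASSWORD=s%3Dcret HTTP/1.1"),
    ("10.0.0.8", "10.0.0.21", "https", "GET /login?password=x HTTP/1.1"),
    ("10.0.0.9", "10.0.0.20", "http", "POST /login HTTP/1.1"),
    ("10.0.0.9", "10.0.0.20", "http", "garbage"),
]

def find_cleartext_credentials(requests):
    """Return one finding per cleartext HTTP request with a credential in its URL."""
    findings = []
    for src, dst, scheme, line in requests:
        parts = line.split()
        # Skip malformed request lines and traffic that is not cleartext HTTP.
        if len(parts) != 3 or scheme != "http":
            continue
        method, target, _version = parts
        url = urlsplit(target)
        pairs = parse_qsl(url.query, keep_blank_values=True)
        hits = [k for k, _ in pairs if k.lower() in SENSITIVE_PARAMS]
        if not hits:
            continue
        # Never copy the secret into the alert: replace its value before reporting.
        redacted = [(k, "REDACTED" if k.lower() in SENSITIVE_PARAMS else v)
                    for k, v in pairs]
        findings.append({
            "src": src,
            "dst": dst,
            "method": method,
            "params": hits,
            "redacted": url.path + "?" + urlencode(redacted),
        })
    return findings

if __name__ == "__main__":
    for finding in find_cleartext_credentials(SAMPLE_REQUESTS):
        print(finding)
```

Any source address that appears in a finding has exposed its device password on the wire, so that password should be rotated.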