TXOne Networks

CVE-2023-46383

Last Updated: March 29, 2024

CVE-2023-46383 — Loytec LINX Configurator Cleartext Transmission of Sensitive Information Vulnerability

CVE ID: CVE-2023-46383

Publication Date: 2023-11-27

Severity: High

Affected Vendor

LOYTEC electronics GmbH

Affected Product

  • LINX Configurator version 7.4.10

Vulnerability Description

Loytec LINX Configurator can connect to Loytec devices with an administrator credential and configure device settings. The system uses HTTP Basic Authentication, which transmits usernames and passwords as base64-encoded cleartext, so anyone who sniffs network traffic could easily steal the credentials.

After obtaining the admin password, an attacker could connect to and control Loytec devices via LINX Configurator.
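The exposure described above can be audited for in traffic you are authorized to inspect. The following is an added example, not code from TXOne Networks or LOYTEC; the request bytes, host, path and credentials are constructed, and `audit_request` is a hypothetical helper name. It flags any request carrying a Basic `Authorization` header and shows that base64 is only an encoding by recovering the username and the password length, without printing the password.

```python
import base64
import binascii


def audit_request(raw: bytes):
    """Return a finding if a raw HTTP request carries Basic credentials, else None."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    lines = head.split("\r\n")
    request_line = lines[0]
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        # Header names are case-insensitive.
        if not sep or name.strip().lower() != "authorization":
            continue
        scheme, _, token = value.strip().partition(" ")
        if scheme.lower() != "basic":
            return None  # Digest, Bearer, etc. are outside this check
        try:
            decoded = base64.b64decode(token.strip(), validate=True)
        except (binascii.Error, ValueError):
            return {"request": request_line, "user": None,
                    "password_len": None, "malformed": True}
        # Split on the first colon only: the password may itself contain ':'.
        user, _, password = decoded.decode("utf-8", "replace").partition(":")
        return {"request": request_line, "user": user,
                "password_len": len(password), "malformed": False}
    return None


# Constructed sample traffic (not captured from a real device).
_TOKEN = base64.b64encode(b"admin:example:pass").decode()
SAMPLE_BASIC = ("GET /constructed/path HTTP/1.1\r\nHost: device.example\r\n"
                f"authorization: Basic {_TOKEN}\r\n\r\n").encode()
SAMPLE_NOAUTH = b"GET /constructed/path HTTP/1.1\r\nHost: device.example\r\n\r\n"
SAMPLE_BAD = b"GET / HTTP/1.1\r\nAuthorization: Basic !!!not-base64\r\n\r\n"

if __name__ == "__main__":
    for sample in (SAMPLE_BASIC, SAMPLE_NOAUTH, SAMPLE_BAD):
        print(audit_request(sample))
```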

Solutions & Rules

N/A

Credit

Chizuru Toyama of TXOne Networks

Questions About This Advisory?

Our PSIRT team is here to help with security-related inquiries.

psirt@txone.com