CVE-2023-46384
Last Updated: March 29, 2024
CVE-2023-46384 — Loytec LINX Configurator Use of Hard-coded Password Authentication Bypass Vulnerability
CVE ID: CVE-2023-46384
Publication Date: 2023-11-27
Severity: High
Affected Vendor
LOYTEC electronics GmbH
Affected Product
- LINX Configurator 7.4.10
Vulnerability Description
A registry key contains a hard-coded, clear-text admin password for a recently connected Loytec device, stored as a password cache.
Registry Key Path: Computer\HKEY_CURRENT_USER\SOFTWARE\LOYTEC\LOYTEC LINX Configurator\OhioIni
Value Name: ftp_pass
An attacker obtaining this registry value could potentially connect to and control Loytec devices via the LINX Configurator application.
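A defender-side check for the exposure described above, added here as an example and not taken from the advisory, the vendor or TXOne: this PowerShell function looks in every loaded user hive for the `ftp_pass` value under the key named above and reports its presence and length without printing the password. The function name, the output fields and the optional `-Clear` switch are assumptions; profiles of logged-off users are not loaded under HKEY_USERS and are not covered.

```powershell
# Added example (not vendor or TXOne code). Key path and value name come from the
# advisory; the function name and output fields are illustrative.
$SubKey    = 'SOFTWARE\LOYTEC\LOYTEC LINX Configurator\OhioIni'
$ValueName = 'ftp_pass'

function Find-LinxCachedPassword {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        # Delete the cached value where found (honours -WhatIf / -Confirm).
        [switch]$Clear
    )
    # HKEY_USERS has one subkey per loaded profile; *_Classes hives are irrelevant here.
    $hives = Get-ChildItem -Path 'Registry::HKEY_USERS' -ErrorAction SilentlyContinue |
        Where-Object { $_.PSChildName -notlike '*_Classes' }

    foreach ($hive in $hives) {
        $sid  = $hive.PSChildName
        $path = "Registry::HKEY_USERS\$sid\$SubKey"
        if (-not (Test-Path -LiteralPath $path)) { continue }

        $item = Get-ItemProperty -LiteralPath $path -Name $ValueName -ErrorAction SilentlyContinue
        if ($null -eq $item) { continue }
        $length = ([string]$item.$ValueName).Length   # never echo the secret itself

        # Map the SID to an account name for the report; built-in hives may not resolve.
        try {
            $ntType  = [System.Security.Principal.NTAccount]
            $account = ([System.Security.Principal.SecurityIdentifier]$sid).Translate($ntType).Value
        } catch { $account = '<unresolved>' }

        $cleared = $false
        if ($Clear -and $PSCmdlet.ShouldProcess("$path\$ValueName", 'Remove cached password')) {
            Remove-ItemProperty -LiteralPath $path -Name $ValueName -ErrorAction Stop
            $cleared = $true
        }

        [pscustomobject]@{
            Sid       = $sid
            Account   = $account
            KeyPath   = "HKEY_USERS\$sid\$SubKey"
            ValueName = $ValueName
            Length    = $length
            Cleared   = $cleared
        }
    }
}

Find-LinxCachedPassword | Format-Table -AutoSize
```

Because the value is described as a password cache, the application may write it again on a later connection, so re-run the check after using `-Clear`.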
Solutions & Rules
N/A
Credit
Chizuru Toyama of TXOne Networks
Questions About This Advisory?
Our PSIRT team is here to help with security-related inquiries.
psirt@txone.com