CVE-2023-46383
Loytec LINX Configurator 7.4.10 Insecure Transit / Cleartext Secrets
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
LOYTEC electronics GmbH LINX Configurator 7.4.10 uses HTTP Basic Authentication, which transmits usernames and passwords in base64-encoded cleartext and allows remote attackers to steal the password and gain full control of Loytec device configuration.
LOYTEC electronics GmbH LINX Configurator 7.4.10 utiliza autenticación básica HTTP, que transmite nombres de usuario y contraseñas en texto plano codificado en base64 y permite a atacantes remotos robar la contraseña y obtener control total de la configuración del dispositivo Loytec.
LOYTEC electronics GmbH LINX Configurator (all versions) uses HTTP Basic Authentication, which transmits usernames and passwords in base64-encoded cleartext and allows remote attackers to steal the password and gain full control of Loytec device configuration.
Loytec LINX Configurator version 7.4.10 suffers from insecure transit and cleartext hardcoded secret vulnerabilities.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2023-10-23 CVE Reserved
- 2023-11-28 CVE Published
- 2024-09-20 CVE Updated
- 2024-09-21 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-319: Cleartext Transmission of Sensitive Information
CAPEC
References (4)
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Loytec Search vendor "Loytec" | L-inx Configurator Search vendor "Loytec" for product "L-inx Configurator" | 7.4.10 Search vendor "Loytec" for product "L-inx Configurator" and version "7.4.10" | - |
Affected
|