Unprotected Transport of Credentials in ABB Ellipse: Sniffing Attack Vulnerability

Unprotected Transport of Credentials in ABB Ellipse: Sniffing Attack Vulnerability

CVE-2017-16731 · LOW Severity

AV:A/AC:M/AU:N/C:P/I:N/A:N

An Unprotected Transport of Credentials issue was discovered in ABB Ellipse 8.3 through Ellipse 8.9 released prior to December 2017 (including Ellipse Select). A vulnerability exists in the authentication of Ellipse to LDAP/AD using the LDAP protocol. An attacker could exploit the vulnerability by sniffing local network traffic, allowing the discovery of authentication credentials.

Learn more about our Network Penetration Testing.