Vulnerability: ECOA BAS Controller Exposes User Account and Passwords in Plain Text

Vulnerability: ECOA BAS Controller Exposes User Account and Passwords in Plain Text

CVE-2021-41300 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

ECOA BAS controller’s special page displays user account and passwords in plain text, thus unauthenticated attackers can access the page and obtain privilege with full functionality.

Learn more about our User Device Pen Test.