Authentication Bypass via Machine-in-the-Middle Attack in Softing Secure Integration Server V1.22

Authentication Bypass via Machine-in-the-Middle Attack in Softing Secure Integration Server V1.22

CVE-2022-2338 · MEDIUM Severity

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Softing Secure Integration Server V1.22 is vulnerable to authentication bypass via a machine-in-the-middle attack. The default the administration interface is accessible via plaintext HTTP protocol, facilitating the attack. The HTTP request may contain the session cookie in the request, which may be captured for use in authenticating to the server.

Learn more about our Cis Benchmark Audit For Server Software.