Weak Hash Algorithm Used for Encrypting Privileged User Credentials in Econolite EOS Versions Prior to 3.2.23

Weak Hash Algorithm Used for Encrypting Privileged User Credentials in Econolite EOS Versions Prior to 3.2.23

CVE-2023-0452 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Econolite EOS versions prior to 3.2.23 use a weak hash algorithm for encrypting privileged user credentials. A configuration file that is accessible without authentication uses MD5 hashes for encrypting credentials, including those of administrators and technicians.

Learn more about our User Device Pen Test.