Insecure Storage of Hard-Coded Service Credentials in ThingsBoard 3.4.1

Insecure Storage of Hard-Coded Service Credentials in ThingsBoard 3.4.1

CVE-2023-26462 · HIGH Severity

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

ThingsBoard 3.4.1 could allow a remote attacker to gain elevated privileges because hard-coded service credentials (usable for privilege escalation) are stored in an insecure format. (To read this stored data, the attacker needs access to the application server or its source code.)

Learn more about our Cis Benchmark Audit For Server Software.