Insecure Storage of Root Password Hash in ALEOS 4.16 and Earlier


CVE-2023-40463 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

When configured in debugging mode by an authenticated user with administrative privileges, ALEOS 4.16 and earlier store the SHA512 hash of the common root password for that version in a directory accessible to a user with root privileges or equivalent access.
