Design/Logic Flaw

2023-11-3023:15:00

PRIOn knowledge base

www.prio-n.com

loytec linx configurator

http authentication

remote attack

password theft

device configuration

7.7 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

35.3%

JSON

LOYTEC electronics GmbH LINX Configurator 7.4.10 uses HTTP Basic Authentication, which transmits usernames and passwords in base64-encoded cleartext and allows remote attackers to steal the password and gain full control of Loytec device configuration.

CPENameOperatorVersion
l-inx_configuratoreq7.4.10

CPE	Name	Operator	Version
	l-inx_configurator	eq	7.4.10

References

packetstormsecurity.com/files/175951/Loytec-LINX-Configurator-7.4.10-Insecure-Transit-Cleartext-Secrets.html

seclists.org/fulldisclosure/2023/Nov/6

www.txone.com/blog/ten-unpatched-vulnerabilities-in-building-automation-products-identified-by-txone-networks/