4 matches found
CVE-2020-35586
In Solstice Pod before 3.3.0 or Open4.3, the Administrator password can be enumerated using brute-force attacks via the /Config/service/initModel?password= Solstice Open Control API because there is no complexity requirement e.g., it might be all digits or all lowercase letters...
CVE-2020-35586
creationtimestamp| type| source ---|---|--- 2020-12-23 19:25:28+00:00| seen| https://t.me/cibsecurity/21229...
CVE-2020-35586
In Solstice Pod before 3.3.0 or Open4.3, the Administrator password can be enumerated using brute-force attacks via the /Config/service/initModel?password= Solstice Open Control API because there is no complexity requirement e.g., it might be all digits or all lowercase letters...
CVE-2020-35586
Solstice Pod (before 3.3.0) and Solstice Open4.3 vulnerability where the Administrator password can be enumerated by brute-forcing the Open Control API endpoint /Config/service/initModel?password= due to no password complexity requirements. Affected products are Solstice Pod prior to 3.3.0 and So...