2 matches found
CVE-2020-25754
An issue was discovered on Enphase Envoy R3.x and D4.x devices. There is a custom PAM module for user authentication that circumvents traditional user authentication. This module uses a password derived from the MD5 hash of the username and serial number. The serial number can be retrieved by an...
CVE-2020-25754
CVE-2020-25754 affects Enphase Energy Envoy R3.x and D4.x devices. A custom PAM module for user authentication bypasses standard login by deriving a password from the MD5 hash of the username and serial number, with the serial number obtainable by an unauthenticated user at /info.xml. Attempts to...