2 matches found
CVE-2020-25754
An issue was discovered on Enphase Envoy R3.x and D4.x devices. There is a custom PAM module for user authentication that circumvents traditional user authentication. This module uses a password derived from the MD5 hash of the username and serial number. The serial number can be retrieved by an...
Cisco ATA-186 admin password can be trivially circumvented
The Cisco ATA-186 Analog Telephone adapter interfaces "legacy" analog telephones to VoIP networks. The adapter can be configured via a web interface, that typically requires a password to access. Unfortunately, this password protection can be trivially circumvented. On two ATA-186s that we tested...