Econolite EOS versions prior to 3.2.23 lack a passwordrequirement for gaining βREADONLYβ access to log files and certain database andconfiguration files. One such file contains tables with MD5 hashes andusernames for all defined users in the control software, includingadministrators and technicians...
7.5CVSS
7.4AI Score
0.001EPSS
Econolite EOS versions prior to 3.2.23 use a weak hashalgorithm for encrypting privileged user credentials. A configuration file thatis accessible without authentication uses MD5 hashes for encryptingcredentials, including those of administrators and technicians.
9.8CVSS
5.3AI Score
0.001EPSS