raneto is vulnerable to information disclosure. The vulnerability exists in the credentials
function in config.default.js
due to password credentials stored in plaintext which allows an attacker to gain access to the system via brute-forcing the user password.
raneto.com/
cwe.mitre.org/data/definitions/521.html
gainsec.com/2022/08/04/cve-2022-35142-cve-2022-35143-cve-2022-35144/
github.com/gilbitron/Raneto/commit/900c58b53b60fabe54bf6f5227f04aac2e1ebeec
github.com/gilbitron/Raneto/issues/368
github.com/gilbitron/Raneto/pull/370
github.com/gilbitron/Raneto/releases