zdi | ZDI-22-1161
Flashback Team: Pedro Ribeiro (@pedrib1337) && Radek Domanski (@RabbitPro)
Aug 23, 2022 - 12:00 a.m.

(Pwn2Own) Softing Secure Integration Server Use of Default Credentials Authentication Bypass Vulnerability

www.zerodayinitiative.com

EPSS: 0.002 (percentile: 61.1%)

This vulnerability allows remote attackers to bypass authentication on affected installations of Softing Secure Integration Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the default configuration of user accounts. The configuration contains hard-coded credentials. An attacker can leverage this vulnerability to bypass authentication and execute arbitrary code in the context of the Administrator.
