CVE-2018-6011
N/A
N/A
Summary
The time-based one-time-password (TOTP) function in the application logic of the Green Electronics RainMachine Mini-8 (2nd generation) uses the administrator's password hash to generate a 6-digit temporary passcode that can be used for remote and local access, aka a "Use of Password Hash Instead of Password for Authentication" issue. This is exploitable by an attacker who discovers a hash value in the rainmachine-settings.sqlite file.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.