CVE-2023-0452

Summary

Econolite EOS versions prior to 3.2.23 use a weak hash algorithm for encrypting privileged user credentials. A configuration file that is accessible without authentication uses MD5 hashes for encrypting credentials, including those of administrators and technicians.

Affected Software

VendorProductVersion RangeStatus
EconoliteEOS0 < 3.2.23affected

Weaknesses

  • CWE-328: CWE-328 Use of Weak Hash

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

References