CVE-2023-41926

Summary

The webserver utilizes basic authentication for its user login to the configuration interface. As encryption is disabled on port 80, it enables potential eavesdropping on user traffic, making it possible to intercept their credentials.

Affected Software

VendorProductVersion RangeStatus
KiloviewP1/P2All <= 4.8.2605affected

Weaknesses

  • CWE-522: CWE-522 Insufficiently Protected Credentials

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

CVE Program Container

Additional References

References