ubiQuoss Switch VP5208A creates a bcm_password file at /cgi-bin/ with the user credentials in cleartext when a failed login attempt occurs. The file can be reached via an HTTP request. The credentials can be used to access the system via SSH (or TELNET if it is enabled).
References
Link | Resource |
---|---|
https://www.tarlogic.com/advisories/Tarlogic-2018-002.txt | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2022-10-03T16:22:14
Updated: 2022-10-03T16:22:14
Reserved: 2022-10-03T00:00:00
Link: CVE-2018-10024
JSON object: View
NVD Information
Status : Analyzed
Published: 2018-04-11T17:29:00.397
Modified: 2019-10-03T00:03:26.223
Link: CVE-2018-10024
JSON object: View
Redhat Information
No data.
CWE