An authentication bypass exists on CyberPower PowerPanel Enterprise by failing to sanitize meta-characters from the username, allowing an attacker to login into the application with the default user "cyberpower" by appending a non-printable character.An unauthenticated attacker can leverage this vulnerability to log in to the CypberPower PowerPanel Enterprise as an administrator with hardcoded default credentials.
References
Link | Resource |
---|---|
https://www.trellix.com/en-us/about/newsroom/stories/research/the-threat-lurking-in-data-centers.html | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: trellix
Published: 2023-08-14T04:08:06.402Z
Updated: 2023-08-14T04:08:06.402Z
Reserved: 2023-06-15T06:50:34.078Z
Link: CVE-2023-3265
JSON object: View
NVD Information
Status : Analyzed
Published: 2023-08-14T05:15:09.987
Modified: 2023-08-22T16:20:24.977
Link: CVE-2023-3265
JSON object: View
Redhat Information
No data.
CWE