CVE Vulnerabilities

CVE-2024-0556

Weak Encoding for Password

Published: Jan 16, 2024 | Modified: Jan 23, 2024
CVSS 3.x
6.5
MEDIUM
Source:
NVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVSS 2.x
RedHat/V2
RedHat/V3
Ubuntu

A Weak Cryptography for Passwords vulnerability has been detected on WIC200 affecting version 1.1. This vulnerability allows a remote user to intercept the traffic and retrieve the credentials from another user and decode it in base64 allowing the attacker to see the credentials in plain text.

Weakness

Obscuring a password with a trivial encoding does not protect the password.

Affected Software

Name Vendor Start Version End Version
Wic1200_firmware Xantech 1.1 1.1

Potential Mitigations

References