CVE-2017-16731
20.12.2017, 19:29
An Unprotected Transport of Credentials issue was discovered in ABB Ellipse 8.3 through Ellipse 8.9 released prior to December 2017 (including Ellipse Select). A vulnerability exists in the authentication of Ellipse to LDAP/AD using the LDAP protocol. An attacker could exploit the vulnerability by sniffing local network traffic, allowing the discovery of authentication credentials.Enginsight
| Vendor | Product | Version |
|---|---|---|
| hitachienergy | ellipse | 8.3.0 ≤ 𝑥 ≤ 8.9.0 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-523 - Unprotected Transport of CredentialsLogin pages do not use adequate measures to protect the user name and password while they are in transit from the client to the server.
- CWE-522 - Insufficiently Protected CredentialsThe product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.