CVE-2021-32003
05.08.2021, 21:15
Unprotected Transport of Credentials vulnerability in SiteManager provisioning service allows local attacker to capture credentials if the service is used after provisioning. This issue affects: Secomea SiteManager All versions prior to 9.5 on Hardware.Enginsight
| Vendor | Product | Version |
|---|---|---|
| secomea | sitemanager_firmware | 𝑥 < 9.5.621256022 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-523 - Unprotected Transport of CredentialsLogin pages do not use adequate measures to protect the user name and password while they are in transit from the client to the server.
- CWE-522 - Insufficiently Protected CredentialsThe product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.