CVE-2024-5434
Description
The Campbell Scientific CSI Web Server stores web authentication credentials in a file with a specific file name. Passwords within that file are stored in a weakly encoded format. There is no known way to remotely access the file unless it has been manually renamed. However, if an attacker were to gain access to the file, passwords could be decoded and reused to gain access.
Weakness Type (CWE)
References
Frequently Asked Questions
What is CVE-2024-5434? +
How do I check if I'm vulnerable to CVE-2024-5434? +
Related Vulnerabilities
The credentials required to access the device's web server are sent in base64 within the HTTP headers. Since base64 is …
Use of a custom password encoding algorithm in Streamsoft Prestiż software allows straightforward decoding of passwords using their encoded forms, …
Use of a weak password encoding algorithm in STER software allows the value of the password to be guessed after …
A logic issue was addressed with improved checks. This issue is fixed in iOS 18.6 and iPadOS 18.6. Passcode may …
An issue in secdiskapp 1.5.1 (management program for NewQ Fingerprint Encryption Super Speed Flash Disk) allows attackers to gain escalated …
Authenticator is a browser extension that generates two-step verification codes. In versions 7.0.0 and below, encryption keys for user data …