Cleartext Storage of Administrative Web-Interface Credentials in Dynacolor FCM-MB40 v1.2.0.0

Cleartext Storage of Administrative Web-Interface Credentials in Dynacolor FCM-MB40 v1.2.0.0

CVE-2019-13400 · MEDIUM Severity

AV:N/AC:L/AU:N/C:P/I:N/A:N

Dynacolor FCM-MB40 v1.2.0.0 use /etc/appWeb/appweb.pass to store administrative web-interface credentials in cleartext. These credentials can be retrieved via cgi-bin/getuserinfo.cgi?mode=info.

Learn more about our Web App Pen Testing.