Back to search
CVE-2018-10024
Published: Apr 11, 2018
Modified: Sep 17, 2024
PUBLISHED
Description
ubiQuoss Switch VP5208A creates a bcm_password file at /cgi-bin/ with the user credentials in cleartext when a failed login attempt occurs. The file can be reached via an HTTP request. The credentials can be used to access the system via SSH (or TELNET if it is enabled).
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
https://www.tarlogic.com/advisories/Tarlogic-2018-002.txt
x_refsource_MISC
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now