QwikSec

Security Database

CVE

CWE

Training

CVE-2018-10286

Published: Apr 22, 2018

Modified: Aug 5, 2024

PUBLISHED

Description

The Ericsson-LG iPECS NMS A.1Ac web application discloses sensitive information such as the NMS admin credentials and the PostgreSQL database credentials to logged-in users via the responses to certain HTTP POST requests. In order to be able to see the credentials in cleartext, an attacker needs to be authenticated.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://gist.github.com/berkgoksel/fde102503c457c0344e2e53b7971437a

x_refsource_MISC

exploit

x_refsource_EXPLOIT-DB

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.