CVE-2024-0556

EPSS 0.18%
Published 16.01.2024 11:15:08
Last modified 21.11.2024 08:46:51
Source cve-coordination@incibe.es
Teams watchlist Login
Open Login

A Weak Cryptography for Passwords vulnerability has been detected on WIC200 affecting version 1.1. This vulnerability allows a remote user to intercept the traffic and retrieve the credentials from another user and decode it in base64 allowing the attacker to see the credentials in plain text.

Affected products Warnungen 0 Metrics 3 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Xantech ≫ Wic1200 Firmware Version1.1

Xantech ≫ Wic1200 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.18%	0.4

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
cve-coordination@incibe.es	7.1	2.8	4.2	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N

CWE-261 Weak Encoding for Password

Obscuring a password with a trivial encoding does not protect the password.

https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-full-compass-systems-wic1200

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-0556

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-0556

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-0556

EUVD