An access control issue in Makves DCAP v3.0.0.122 allows unauthenticated attackers to obtain cleartext credentials via a crafted web request to the product API.
References
Link | Resource |
---|---|
http://dcap.com | Not Applicable |
http://makves.com | Not Applicable |
https://pastebin.com/L5BkBeEE | Third Party Advisory |
Configurations
Configuration 1 (hide)
|
History
28 Jun 2023, 13:50
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:makves:dcap:3.0.0.183:*:*:*:*:*:*:* cpe:2.3:a:makves:dcap:3.0.0.122:*:*:*:*:*:*:* |
|
CWE | CWE-312 | |
First Time |
Makves
Makves dcap |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.5 |
References | (MISC) http://makves.com - Not Applicable | |
References | (MISC) https://pastebin.com/L5BkBeEE - Third Party Advisory | |
References | (MISC) http://dcap.com - Not Applicable |
21 Jun 2023, 16:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-06-21 16:15
Updated : 2023-12-10 15:01
NVD link : CVE-2023-27243
Mitre link : CVE-2023-27243
CVE.ORG link : CVE-2023-27243
JSON object : View
Products Affected
makves
- dcap
CWE
CWE-312
Cleartext Storage of Sensitive Information