Design/Logic Flaw

2023-05-2223:15:00

PRIOn knowledge base

www.prio-n.com

iboot

protocol

logic flaw

user authentication

nvd

9.1 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

48.5%

JSON

A proprietary protocol for iBoot devices is used for control and keepalive commands. The function compares the username and password; it also contains the configuration data for the user specified. If the user does not exist, then it sends a value for username and password, which allows successful authentication for a connection.

CPENameOperatorVersion
iboot-pdu4-c20_firmwarelt1.42.06162022
iboot-pdu4-n20_firmwarelt1.42.06162022
iboot-pdu4a-c10_firmwarelt1.42.06162022
iboot-pdu4a-c20_firmwarelt1.42.06162022
iboot-pdu4a-n15_firmwarelt1.42.06162022
iboot-pdu4a-n20_firmwarelt1.42.06162022
iboot-pdu4sa-c10_firmwarelt1.42.06162022
iboot-pdu4sa-c20_firmwarelt1.42.06162022
iboot-pdu4sa-n15_firmwarelt1.42.06162022
iboot-pdu4sa-n20_firmwarelt1.42.06162022

Name	Operator	Version
iboot-pdu4-c20_firmware	lt	1.42.06162022
iboot-pdu4-n20_firmware	lt	1.42.06162022
iboot-pdu4a-c10_firmware	lt	1.42.06162022
iboot-pdu4a-c20_firmware	lt	1.42.06162022
iboot-pdu4a-n15_firmware	lt	1.42.06162022
iboot-pdu4a-n20_firmware	lt	1.42.06162022
iboot-pdu4sa-c10_firmware	lt	1.42.06162022
iboot-pdu4sa-c20_firmware	lt	1.42.06162022
iboot-pdu4sa-n15_firmware	lt	1.42.06162022
iboot-pdu4sa-n20_firmware	lt	1.42.06162022