Lucene search
Chris Anastasio (muffin) and Steven Seeley (mr_me) of Incite TeamZDI-22-1155HistoryAug 23, 2022 - 12:00 a.m.
(Pwn2Own) Softing Secure Integration Server Cleartext Transmission of Sensitive Information Authentication Bypass Vulnerability
2022-08-2300:00:00
Chris Anastasio (muffin) and Steven Seeley (mr_me) of Incite Team
www.zerodayinitiative.com
19
softing secure integration server
cleartext transmission
sensitive information
authentication bypass
vulnerability
EPSS
0.001
Percentile
36.9%
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Softing Secure Integration Server. User interaction is required to exploit this vulnerability. The specific flaw exists within the handling of administrator credentials provided to the endpoint. The issue results from transmitting sensitive information in plaintext. An attacker can leverage this vulnerability to bypass authentication on the system.
Related
nvd
nvd
CVE-2022-2338
2022-08-17 21:15:09
cve
cve
CVE-2022-2338
2022-08-17 21:15:09
prion
prion
Authentication flaw
2022-08-17 21:15:00
cvelist
cvelist
ics
ics
Softing Secure Integration Server
2022-09-26 12:00:00