In Digi RealPort through 4.10.490, authentication relies on a challenge-response mechanism that gives access to the server password, making the protection ineffective. An attacker may send an unauthenticated request to the server. The server will reply with a weakly-hashed version of the server's access password. The attacker may then crack this hash offline in order to successfully login to the server.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2021-10-08T14:22:57

Updated: 2024-08-04T01:01:59.227Z

Reserved: 2021-07-16T00:00:00

Link: CVE-2021-36767

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2021-10-08T15:15:09.037

Modified: 2024-11-21T06:14:03.237

Link: CVE-2021-36767

cve-icon Redhat

No data.