Inductive Automation Ignition ICSA-15-090-01 Weak Credentials Management Vulnerability

Description

Inductive Automation Ignition 7.7.2 uses MD5 password hashes, which allows remote authenticated users to bypass a brute-force protection mechanism by using different session ID values in a series of HTTP requests. This version also contains cross-site scripting (XSS) vulnerabilities that allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, as well as vulnerabilities that allow remote attackers and local users to obtain sensitive information by reading error messages or through unspecified vectors.
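The session-ID bypass described above can be modelled with a login throttle whose failure counter is keyed on the session ID versus one keyed on the account. This is an added illustration, not Ignition code: `LoginThrottle`, `by_session`, `by_account`, the `operator` account and the threshold of 5 are all assumptions made for the example.

```python
from collections import defaultdict

MAX_FAILURES = 5  # assumed lockout threshold, not a value from the advisory


def by_session(username, session_id):
    # Weak: the counter lives with a value the client controls.
    return ("session", session_id)


def by_account(username, session_id):
    # Hardened: the counter follows the account being guessed.
    return ("account", username.lower())


class LoginThrottle:
    """Counts failed logins per key and refuses further checks at the limit."""

    def __init__(self, key_fn):
        self.key_fn = key_fn
        self.failures = defaultdict(int)

    def allowed(self, username, session_id):
        return self.failures[self.key_fn(username, session_id)] < MAX_FAILURES

    def record_failure(self, username, session_id):
        self.failures[self.key_fn(username, session_id)] += 1


def guesses_evaluated(throttle, username, total, new_session_each_time):
    """Return how many of `total` wrong guesses reach the password check."""
    evaluated = 0
    for i in range(total):
        # Constructed session IDs standing in for the HTTP session cookie.
        session_id = f"sess-{i}" if new_session_each_time else "sess-0"
        if not throttle.allowed(username, session_id):
            continue  # request rejected before any password comparison
        throttle.record_failure(username, session_id)
        evaluated += 1
    return evaluated


if __name__ == "__main__":
    for name, key_fn in (("per-session", by_session), ("per-account", by_account)):
        for fresh in (False, True):
            n = guesses_evaluated(LoginThrottle(key_fn), "operator", 20, fresh)
            print(f"{name:12} new_session_each_time={fresh!s:5} evaluated={n}")
```

With the per-session key, the limit only holds while the client keeps the same session; with the per-account key it holds regardless of how many sessions are opened.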

Affected Applications

Ignition