Security Advisory

CVE-2021-36767

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2021-10-08 14:22:57

Last updated 2024-08-04 01:01:59

Assigner mitre

State PUBLISHED

Description

In Digi RealPort through 4.10.490, authentication relies on a challenge-response mechanism that gives access to the server password, making the protection ineffective. An attacker may send an unauthenticated request to the server. The server will reply with a weakly-hashed version of the servers access password. The attacker may then crack this hash offline in order to successfully login to the server.

← Browse all CVEs View on cve.org ↗