Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
An issue was discovered on Enphase Envoy R3.x and D4.x devices. There is a custom PAM module for user authentication that circumvents traditional user authentication. This module uses a password derived from the MD5 hash of the username and serial number. The serial number can be retrieved by an unauthenticated user at /info.xml. Attempts to change the user password via passwd or other tools have no effect.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Enphase Envoy 安全漏洞
Vulnerability Description
Envoy是一款开源的分布式代理服务器。 Enphase Envoy 存在安全漏洞,该漏洞源于用户身份验证的自定义PAM模块,它绕过了传统的用户身份验证,该模块使用用户名和序列号的MD5散列派生的密码。序列号可以由未经身份验证的用户在info.xml中检索。攻击者可利用该漏洞试图通过passwd或其他工具更改用户密码无效。
CVSS Information
N/A
Vulnerability Type
N/A