Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
In Digi RealPort through 4.10.490, authentication relies on a challenge-response mechanism that gives access to the server password, making the protection ineffective. An attacker may send an unauthenticated request to the server. The server will reply with a weakly-hashed version of the server's access password. The attacker may then crack this hash offline in order to successfully login to the server.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Digi RealPort 安全漏洞
Vulnerability Description
Digi RealPort是一种专有的 Serial-over-LAN 封装协议。它通过将 ICS 协议数据封装在基于 TCP 的协议中,为网络上任何地方的串行设备提供虚拟连接。 Digi RealPort存在安全漏洞,攻击者可利用该漏洞向服务器发送未经身份验证的请求,服务器将用服务器访问密码的弱散列版本进行应答,攻击者可利用该漏洞可能会脱机破解进而成功登录到服务器。
CVSS Information
N/A
Vulnerability Type
N/A