N/A

Aikaan IoT management platform v3.25.0325-5-g2e9c59796 sends a newly generated password to users in plaintext via email and also includes the same password as a query parameter in the account activation URL (e.g., https://domain.com/activate=xyz). This practice can result in password exposure via browser history, proxy logs, referrer headers, and email caching. The vulnerability impacts user credential confidentiality during initial onboarding.

N/A

N/A

Aikaan IoT management platform 安全漏洞

Aikaan IoT management platform是印度Aikaan公司的一个管理平台。 Aikaan IoT management platform v3.25.0325-5-g2e9c59796版本存在安全漏洞，该漏洞源于明文发送新密码，可能导致密码暴露。

N/A

N/A