← back
CVE-2018-18395

CVE-2018-18395

EPSS 1.5%
In short

A security flaw in Moxa ThingsPro version 2.1 allows attackers to access hidden authentication tokens that should be protected. This could let someone bypass security controls and gain unauthorized access to the system.

Technical detail

CVE-2018-18395 involves improper protection of authentication tokens in Moxa ThingsPro IIoT Gateway 2.1, enabling attackers with local or network access to retrieve hidden tokens and potentially escalate privileges or bypass authentication mechanisms. The vulnerability stems from insufficient token obfuscation or encryption, allowing direct token extraction from the software.

Summary generated and translated by AI from the official description.
Hidden Token Access in Moxa ThingsPro IIoT Gateway and Device Management Software Solutions version 2.1.
Affected products
Moxa · ThingsPro IIoT Gateway and Device Management Software Solutions

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/10/18/klcert-18-023-moxa-thingspro-iiot-gateway-and-device-management-software-solutions-hidden-token-access/