CVE-2023-29064
Hardcoded Secrets
In short
FACSChorus software stores sensitive login credentials and tokens directly in its code or configuration files in plain text. An attacker who gains access to these files can steal administrative passwords and tokens, compromising the entire application.
Technical detail
CWE-798 hardcoded credentials vulnerability in FACSChorus allows threat actors with access to application files or memory to extract plaintext administrative tokens and passwords. Pre-condition requires local or remote file access; impact includes unauthorized administrative access and full application compromise.
Summary generated and translated by AI from the official description.
The FACSChorus software contains sensitive information stored in plaintext. A threat actor could gain hardcoded secrets used by the application, which include tokens and passwords for administrative accounts.
CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Affected products
Becton, Dickinson and Company (BD) · FACSChorusWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →