CVE-2023-39979
MXsecurity Authentication Bypass
In short
MXsecurity versions before 1.0.1 have a flaw that lets attackers bypass login checks because the authentication system does not generate sufficiently unpredictable random values. As a result, someone on the internet could potentially gain unauthorized access to the system.
Technical detail
The vulnerability stems from insufficient randomness (CWE-334) in the web service authenticator, enabling remote attackers to predict or forge authentication tokens without valid credentials. Pre-condition: target runs vulnerable MXsecurity <1.0.1; impact includes complete authentication bypass and unauthorized system access.
Summary generated and translated by AI from the official description.
There is a vulnerability in MXsecurity versions prior to 1.0.1 that can be exploited to bypass authentication. A remote attacker might access the system if the web service authenticator has insufficient random values.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products
Moxa · MXsecurity Series