Vendor: Cylon Aspect
By: Gjoko 'LiquidWorm' Krstic
CVSS: 6.1 (HIGH)
Weak Password Policy
CWE: 522
Product Name: Cylon Aspect
Affected Version From: NEXUS Series, MATRIX-2 Series, ASPECT-Enterprise, ASPECT-Studio Firmware version <=3.07.02
Affected Version To: 03.07.02
Patch Exists: NO
Related CVE: CVE-2024-48845
CPE: a:abb_ltd.:cylon_aspect:3.07.02
Platforms Tested: GNU/Linux, Intel Processors, PHP, AspectFT Automation Application Server, lighttpd, Apache, OpenJDK, ErgoTech MIX Deployment Server
2024

ABB Cylon Aspect 3.07.02 Weak Password Policy

ABB Cylon Aspect 3.07.02 suffers from a weak password policy in userManagement.php, which allows users to set simple or empty passwords and usernames without constraints. This weakens account security and lets attackers use weak credentials to gain unauthorized access.

Mitigation:

To mitigate this vulnerability, users should enforce strong password policies requiring complex passwords and usernames. Regularly updating passwords and implementing multi-factor authentication can also enhance security.