Use of Hard-coded Password
CVE-2022-45444
Summary
Sewio’s Real-Time Location System (RTLS) Studio version 2.0.0 up to and including version 2.6.2 contains hard-coded passwords for select users in the application’s database. This could allow a remote attacker to login to the database with unrestricted access.
- LOW
- NETWORK
- HIGH
- CHANGED
- NONE
- NONE
- HIGH
- HIGH
CWE-259 - Use of Hard-coded Password
The software contains a hard-coded password, which it uses for its own inbound authentication or for outbound communication to external components.
References
Advisory Timeline
- Published