Weak Encoding for Password

CVE-2023-28896

Low

3.3/10

Summary

Access to critical Unified Diagnostics Services (UDS) of the Modular Infotainment Platform 3 (MIB3) infotainment is transmitted via Controller Area Network (CAN) bus in a form that can be easily decoded by attackers with physical access to the vehicle. Vulnerability discovered on Škoda Superb III (3V3) - 2.0 TDI manufactured in 2022.

Attack Complexity: LOW
Attack Vector: LOCAL
Integrity Impact: NONE
Scope: UNCHANGED
User Interaction: REQUIRED
Privileges Required: NONE
Confidentiality Impact: LOW
Availability Impact: NONE

CWE-261 - Weak Encoding for Password

Obscuring a password with a trivial encoding does not protect the password.

References

Advisory Timeline

Published Dec 01, 2023

Weak Encoding for Password

CVE-2023-28896

Summary

CWE-261 - Weak Encoding for Password

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS