CVE-2023-0451 (eos)

All versions of Econolite EOS traffic control software are vulnerable to CWE-284: Improper Access Control, and lack a password requirement for gaining “READONLY� access to log files, as well as certain database and configuration files. One such file contains tables with message-digest algorithm 5 (MD5) hashes and usernames for all defined users in the control software, including administrators and technicians.

access access control administrators algorithm configuration configuration files control cve cwe database defined digest eos file files hashes log log files md5 message password software tables traffic usernames vulnerable