Security News > 2023 > April > 3CX teases security-focused client update, plus password hashing

3CX teases security-focused client update, plus password hashing
2023-04-12 04:35

The CEO of VoIP software provider 3CX has teased the imminent release of a security-focused upgrade to the company's progressive web application client.

"Following our Security Incident we've decided to make an update focusing entirely on security," CEO Nick Galea wrote on Monday.

The abovementioned CVE was published on March 17th, 2023, and described the fact that passwords for 3CX were stored as plaintext.

"The hashing of passwords applies to the Web Client login only," Galea explained.

"The Welcome email used to have the Web Client password as well as the config file for the old style configuration of the app," Galea wrote.

The Register understands that 3CX intends to offer a detailed account of the supply chain attack.


News URL

https://go.theregister.com/feed/www.theregister.com/2023/04/12/3cx_client_update_for_security/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
3CX 6 0 16 8 6 30