3CX teases security-focused client update, plus password hashing

2023-04-12 04:35

The CEO of VoIP software provider 3CX has teased the imminent release of a security-focused upgrade to the company's progressive web application client.

"Following our Security Incident we've decided to make an update focusing entirely on security," CEO Nick Galea wrote on Monday.

The abovementioned CVE was published on March 17th, 2023, and described the fact that passwords for 3CX were stored as plaintext.

"The hashing of passwords applies to the Web Client login only," Galea explained.

"The Welcome email used to have the Web Client password as well as the config file for the old style configuration of the app," Galea wrote.

The Register understands that 3CX intends to offer a detailed account of the supply chain attack.

News URL

https://go.theregister.com/feed/www.theregister.com/2023/04/12/3cx_client_update_for_security/

#3CX #security

Related vendor

VENDOR	LAST 12M	#/PRODUCTS	LOW	MEDIUM	HIGH	CRITICAL	TOTAL VULNS
3CX		7	0	21	6	5	32