Vulnerabilities > CVE-2016-8716 - Weak Password Recovery Mechanism for Forgotten Password vulnerability in Moxa Awk-3131A Firmware 1.1
Attack vector
ADJACENT_NETWORK Attack complexity
HIGH Privileges required
NONE Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
An exploitable Cleartext Transmission of Password vulnerability exists in the Web Application functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1. The Change Password functionality of the Web Application transmits the password in cleartext. An attacker capable of intercepting this traffic is able to obtain valid credentials.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| OS | 1 | |
| Hardware | 1 |
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Password Recovery Exploitation An attacker may take advantage of the application feature to help users recover their forgotten passwords in order to gain access into the system with the same privileges as the original user. Generally password recovery schemes tend to be weak and insecure. Most of them use only one security question . For instance, mother's maiden name tends to be a fairly popular one. Unfortunately in many cases this information is not very hard to find, especially if the attacker knows the legitimate user. These generic security questions are also re-used across many applications, thus making them even more insecure. An attacker could for instance overhear a coworker talking to a bank representative at the work place and supplying their mother's maiden name for verification purposes. An attacker can then try to log in into one of the victim's accounts, click on "forgot password" and there is a good chance that the security question there will be to provide mother's maiden name. A weak password recovery scheme totally undermines the effectiveness of a strong password scheme.
Seebug
| bulletinFamily | exploit |
| description | ### Summary An exploitable Cleartext Transmission of Password vulnerability exists in the Web Application functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1. The Change Password functionality of the Web Application transmits the password in cleartext. An attacker capable of intercepting this traffic is able to obtain valid credentials. ### Tested Versions Moxa AWK-3131A Series Industrial IEEE 802.11a/b/g/n wireless AP/bridge/client 1.1 ### Product URLs http://www.moxa.com/product/AWK-3131A.htm ### CVSSv3 Score 7.5 - CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H ### Details An exploitable Cleartext Transmission of Password vulnerability exists in the Web Application functionality of Moxa AWK-3131A Series Industrial IEEE 802.11a/b/g/n wireless AP/bridge/client. The Change Password functionality of the Web Application transmits the password in cleartext as HTTP POST parameters. An attacker capable of intercepting this traffic is able to obtain valid credentials. ### Mitigation To significantly mitigate risk of exploitation, disable the web application before the device is deployed. ### Timeline * 2016-11-14 - Vendor Disclosure * 2017-04-10 - Public Release ### CREDIT * Discovered by Patrick DeSantis of Cisco Talos. |
| id | SSV:96540 |
| last seen | 2017-11-19 |
| modified | 2017-09-20 |
| published | 2017-09-20 |
| reporter | Root |
| title | Moxa AWK-3131A Web Application Cleartext Transmission of Password Vulnerability(CVE-2016-8716) |
Talos
| id | TALOS-2016-0230 |
| last seen | 2019-05-29 |
| published | 2017-04-10 |
| reporter | Talos Intelligence |
| source | http://www.talosintelligence.com/vulnerability_reports/TALOS-2016-0230 |
| title | Moxa AWK-3131A Web Application Cleartext Transmission of Password Vulnerability |