Vulnerabilities > CVE-2020-25754 - Use of Password Hash With Insufficient Computational Effort vulnerability in Enphase Envoy Firmware D4.0/R3.0
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
NONE Availability impact
NONE Summary
An issue was discovered on Enphase Envoy R3.x and D4.x devices. There is a custom PAM module for user authentication that circumvents traditional user authentication. This module uses a password derived from the MD5 hash of the username and serial number. The serial number can be retrieved by an unauthenticated user at /info.xml. Attempts to change the user password via passwd or other tools have no effect.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
OS | 2 | |
Hardware | 1 |
Common Weakness Enumeration (CWE)
References
- https://enphase.com/en-us/products-and-services/envoy-and-combiner
- https://enphase.com/en-us/products-and-services/envoy-and-combiner
- https://medium.com/stage-2-security/can-solar-controllers-be-used-to-generate-fake-clean-energy-credits-4a7322e7661a
- https://medium.com/stage-2-security/can-solar-controllers-be-used-to-generate-fake-clean-energy-credits-4a7322e7661a
- https://stage2sec.com
- https://stage2sec.com