Vulnerability Description
The S2 Security NetBox 2.x and 3.x, as used in the Linear eMerge 50 and 5000 and the Sonitrol eAccess, uses a weak hash algorithm for storing the Administrator password, which makes it easier for context-dependent attackers to obtain privileged access by recovering the cleartext of this password.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| S2Sys | Netbox | 2.5 |
| Linearcorp | Emerge 50 | All versions |
| Linearcorp | Emerge 5000 | All versions |
| Sonitrol | Eaccess | All versions |
Related Weaknesses (CWE)
References
- http://blip.tv/file/3414004Exploit
- http://www.darkreading.com/blog/archives/2010/04/attacking_door.html
- http://www.securityinfowatch.com/Executives+Columns+%2526+Features/1316527?pageN
- http://www.slideshare.net/shawn_merdinger/we-dont-need-no-stinkin-badges-hackingExploit
- https://exchange.xforce.ibmcloud.com/vulnerabilities/59827
- http://blip.tv/file/3414004Exploit
- http://www.darkreading.com/blog/archives/2010/04/attacking_door.html
- http://www.securityinfowatch.com/Executives+Columns+%2526+Features/1316527?pageN
- http://www.slideshare.net/shawn_merdinger/we-dont-need-no-stinkin-badges-hackingExploit
- https://exchange.xforce.ibmcloud.com/vulnerabilities/59827
FAQ
What is CVE-2010-2468?
CVE-2010-2468 is a vulnerability with a CVSS score of 10.0 (HIGH). The S2 Security NetBox 2.x and 3.x, as used in the Linear eMerge 50 and 5000 and the Sonitrol eAccess, uses a weak hash algorithm for storing the Administrator password, which makes it easier for cont...
How severe is CVE-2010-2468?
CVE-2010-2468 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2010-2468?
Check the references section above for vendor advisories and patch information. Affected products include: S2Sys Netbox, Linearcorp Emerge 50, Linearcorp Emerge 5000, Sonitrol Eaccess.