Vulnerability Description
The time-based one-time-password (TOTP) function in the application logic of the Green Electronics RainMachine Mini-8 (2nd generation) uses the administrator's password hash to generate a 6-digit temporary passcode that can be used for remote and local access, aka a "Use of Password Hash Instead of Password for Authentication" issue. This is exploitable by an attacker who discovers a hash value in the rainmachine-settings.sqlite file.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Rainmachine | Mini-8 Firmware | >= 4.0.539, <= 4.0.975 |
| Rainmachine | Mini-8 | - |
References
- http://www.irongeek.com/i.php?page=videos/bsidesrdu2018/bsidesrdu-2018-07-when-i (Exploit, Third Party Advisory)
FAQ
What is CVE-2018-6011?
CVE-2018-6011 is a vulnerability with a CVSS score of 8.1 (HIGH).
How severe is CVE-2018-6011?
CVE-2018-6011 has been rated HIGH with a CVSS base score of 8.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-6011?
Check the references section above for vendor advisories and patch information. Affected products include: Rainmachine Mini-8 Firmware, Rainmachine Mini-8.