CVE-2020-26079

A vulnerability in the web UI of Cisco IoT Field Network Director (FND) could allow an authenticated, remote attacker to obtain hashes of user passwords on an affected device. The vulnerability is due to insufficient protection of user credentials. An attacker could exploit this vulnerability by logging in as an administrative user and crafting a call for user information. A successful exploit could allow the attacker to obtain hashes of user passwords on an affected device.

A vulnerability in the web UI of Cisco IoT Field Network Director (FND) could allow an authenticated, remote attacker to obtain hashes of user passwords on an affected device. The vulnerability is due to insufficient protection of user credentials. An attacker could exploit this vulnerability by logging in as an administrative user and crafting a call for user information. A successful exploit could allow the attacker to obtain hashes of user passwords on an affected device.

Una vulnerabilidad en la interfaz de usuario web de Cisco IoT Field Network Director (FND), podría permitir a un atacante remoto autenticado obtener el hash de contraseñas de los usuarios en un dispositivo afectado. La vulnerabilidad es debido a una protección insuficiente de las credenciales de usuario. Un atacante podría explotar esta vulnerabilidad iniciando sesión como usuario administrativo y diseñando una llamada para obtener información del usuario. Una explotación con éxito podría permitir al atacante obtener el hash de contraseñas de los usuarios en un dispositivo afectado