CVE-2020-35586

In Solstice Pod before 3.3.0 (or Open4.3), the Administrator password can be enumerated using brute-force attacks via the /Config/service/initModel?password= Solstice Open Control API because there is no complexity requirement (e.g., it might be all digits or all lowercase letters).

In Solstice Pod before 3.3.0 (or Open4.3), the Administrator password can be enumerated using brute-force attacks via the /Config/service/initModel?password= Solstice Open Control API because there is no complexity requirement (e.g., it might be all digits or all lowercase letters).

En Solstice Pod versiones anteriores a 3.3.0 (u Open4.3), la contraseña de administrador puede ser enumerada usando ataques de fuerza bruta por medio de la API Solstice Open Control de /Config/service/initModel?password= porque no se presentan requisitos de complejidad (por ejemplo, pueden ser todos dígitos o letras minúsculas)