CVE-2021-23857

Severity CVSS v4.0:
Pending analysis
Type:
CWE-287 Authentication Issues
Publication date:
04/10/2021
Last modified:
30/08/2022

Description

Login with hash: The login routine allows the client to log in to the system not by using the password, but by using the hash of the password. Combined with CVE-2021-23858, this allows an attacker to subsequently login to the system.

Vulnerable products and versions

CPE From Up to
cpe:2.3:o:bosch:rexroth_indramotion_mlc_l20_firmware:*:*:*:*:*:*:*:* 12 (including)
cpe:2.3:h:bosch:rexroth_indramotion_mlc_l20:-:*:*:*:*:*:*:*
cpe:2.3:o:bosch:rexroth_indramotion_mlc_l40_firmware:*:*:*:*:*:*:*:* 12 (including)
cpe:2.3:h:bosch:rexroth_indramotion_mlc_l40:-:*:*:*:*:*:*:*
cpe:2.3:o:bosch:rexroth_indramotion_mlc_l25_firmware:*:*:*:*:*:*:*:* 12 (including)
cpe:2.3:h:bosch:rexroth_indramotion_mlc_l25:-:*:*:*:*:*:*:*
cpe:2.3:o:bosch:rexroth_indramotion_mlc_l45_firmware:*:*:*:*:*:*:*:* 12 (including)
cpe:2.3:h:bosch:rexroth_indramotion_mlc_l45:-:*:*:*:*:*:*:*
cpe:2.3:o:bosch:rexroth_indramotion_mlc_l65_firmware:*:*:*:*:*:*:*:* 12 (including)
cpe:2.3:h:bosch:rexroth_indramotion_mlc_l65:-:*:*:*:*:*:*:*
cpe:2.3:o:bosch:rexroth_indramotion_mlc_l75_firmware:*:*:*:*:*:*:*:* 12 (including)
cpe:2.3:h:bosch:rexroth_indramotion_mlc_l75:-:*:*:*:*:*:*:*
cpe:2.3:o:bosch:rexroth_indramotion_mlc_l85_firmware:*:*:*:*:*:*:*:* 12 (including)
cpe:2.3:h:bosch:rexroth_indramotion_mlc_l85:-:*:*:*:*:*:*:*
cpe:2.3:o:bosch:rexroth_indramotion_mlc_xm22_firmware:*:*:*:*:*:*:*:* 12 (including)


References to Advisories, Solutions, and Tools