TG8 Firewall Password Disclosure Vulnerability

A vulnerability in TG8 Firewall allows remote unauthenticated attackers to access a directory over HTTP that contains credential files for previously logged-in users. This directory, which is exposed without authentication, can be accessed to enumerate and download files, thereby obtaining valid usernames and passwords. The vulnerability leads to unauthorized access by disclosing sensitive information that could be exploited to gain further access to user accounts.

Impact

Exploitation of this vulnerability allows for the unauthorized disclosure of user credentials, including usernames and passwords, which could be used to gain unauthorized access to user accounts on the TG8 Firewall.

Reproduction

The vulnerability can be reproduced by sending a request to the TG8 Firewall server that accesses the exposed '/data/' directory over HTTP. This can be done without any authentication. Once the directory is accessed, files containing user credentials can be enumerated and downloaded.