NetVision Information airPASS Missing Authentication Vulnerability Allowing Password Retrieval

A missing authentication vulnerability has been identified in the airPASS application by NetVision Information, specifically in versions 2.9.0.x and 3.0.0.x. This vulnerability allows unauthenticated remote attackers to access certain administrative functions, enabling them to retrieve a list of all user accounts and passwords.

Impact

Exploitation of this vulnerability could lead to unauthorized access to user accounts and passwords, potentially allowing for further exploitation or unauthorized actions within the application or associated systems.

Remediation

Users of airPASS version 2.9.0.x should update to version 2.9.0.241231 or later. Users of version 3.0.0.x should update to version 3.0.0.241231 or later. Assistance can be obtained through the application's distributor or directly from the manufacturer.