CashDro 3 Weak Credential Vulnerability in Web Administration Panel
Vulnerability
A vulnerability exists in the CashDro 3 web administration panel, specifically in version 24.01.00.26, due to weak credential requirements. The platform permits the use of numeric PINs for user authentication, a feature maintained for compatibility with POS software integrations since 2012. This weakness could allow an attacker to guess PINs by brute force, potentially leading to unauthorized access, including access to sensitive configuration settings.
Impact
Exploitation of this vulnerability could result in unauthorized access to confidential configuration settings, compromising the security of the system.
Remediation
To address this vulnerability, users can update to the latest version of CashDro 3, which supports alphanumeric PINs. The currently supported version to update to is 26.01.00.16; previous versions have been removed from the distribution repository for security reasons.
