The administrative interface on the PolyVision RoomWizard with firmware 3.2.3 places the Sync Connector Active Directory (AD) credentials in a web form that is accessed over HTTP on port 80, which allows remote attackers to obtain sensitive information by reading the HTML source code corresponding to the /admin/sign/DeviceSynch URI.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: certcc
Published: 2011-01-12T00:00:00
Updated: 2024-08-07T00:37:54.145Z
Reserved: 2010-01-06T00:00:00
Link: CVE-2010-0214
Vulnrichment
No data.
NVD
Status : Modified
Published: 2011-01-12T01:00:01.183
Modified: 2024-11-21T01:11:46.417
Link: CVE-2010-0214
Redhat
No data.