An authentication bypass vulnerability exists in the Green Electronics RainMachine Mini-8 (2nd Generation) and Touch HD 12 web application allowing an unauthenticated attacker to perform authenticated actions on the device via a 127.0.0.1:port value in the HTTP 'Host' header, as demonstrated by retrieving credentials.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2018-11-01T17:00:00

Updated: 2024-08-05T06:17:16.871Z

Reserved: 2018-02-11T00:00:00

Link: CVE-2018-6908

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Analyzed

Published: 2018-11-01T17:29:01.047

Modified: 2019-02-22T17:23:02.053

Link: CVE-2018-6908

cve-icon Redhat

No data.