Description
Unprotected transport of credentials vulnerability in syslink software AG Avantra on Linux, Windows allows Sniffing Attacks.

This issue affects Avantra: before 25.3.0.
Published: 2026-05-22
Score: 5.9 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The Avantra application, when resetting passwords, transmits the new credentials unencrypted across the network. This flaw allows an attacker who can monitor traffic to capture valid user passwords, which can be used to gain unauthorized access to the system. The weakness is classified as CWE‑523, reflecting unprotected credential transport.

Affected Systems

Syslink Software AG Avantra running on Linux or Windows with versions earlier than 25.3.0 is affected.

Risk and Exploitability

The CVSS score of 5.9 indicates moderate severity, and the lack of an EPSS score or KEV listing suggests limited known exploitation. However, the vulnerability remains exploitable through passive network monitoring, giving attackers direct access to user passwords without the need for additional exploits.

Generated by OpenCVE AI on May 22, 2026 at 15:10 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Avantra to version 25.3.0 or later to eliminate the plaintext credential transmission.
  • If an upgrade is not immediately possible, enforce secure transport for Avantra communication, such as VPN tunnels or SSL/TLS encryption, to protect credentials in transit.
  • Implement network segmentation and monitor for unauthorized traffic sniffing to detect potential credential capture attempts.

Generated by OpenCVE AI on May 22, 2026 at 15:10 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 22 May 2026 15:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Fri, 22 May 2026 15:15:00 +0000

Type Values Removed Values Added
First Time appeared Syslink Software Ag
Syslink Software Ag avantra
Vendors & Products Syslink Software Ag
Syslink Software Ag avantra

Fri, 22 May 2026 13:45:00 +0000

Type Values Removed Values Added
Description Unprotected transport of credentials vulnerability in syslink software AG Avantra on Linux, Windows allows Sniffing Attacks. This issue affects Avantra: before 25.3.0.
Title Password re-initialization mechanism sends passwords in plain text
Weaknesses CWE-523
References
Metrics cvssV3_1

{'score': 5.9, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N'}

Subscriptions

Syslink Software Ag Avantra
cve-icon MITRE

Status: PUBLISHED

Assigner: NCSC.ch

Published:

Updated: 2026-05-22T15:04:07.665Z

Reserved: 2026-05-15T11:50:00.380Z

Link: CVE-2026-8673

cve-icon Vulnrichment

Updated: 2026-05-22T15:04:02.906Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-22T15:15:09Z

Weaknesses