MidnightBSD

Advisories for tnlsoftsolutions

CVE-2018-9031 MEDIUM

The login interface on TNLSoftSolutions Sentry Vision 3.x devices provides password disclosure by reading an "if(pwd ==" line in the HTML source code. This means, in effect, that authentication occurs only on the client side.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-522,

Products Affected

Vendor Product Version
tnlsoftsolutions sentry_vision 3.2
tnlsoftsolutions sentry_vision 3.1
tnlsoftsolutions sentry_vision 3.0