Vulnerability Details CVE-2018-6011
The time-based one-time-password (TOTP) function in the application logic of the Green Electronics RainMachine Mini-8 (2nd generation) uses the administrator's password hash to generate a 6-digit temporary passcode that can be used for remote and local access, aka a "Use of Password Hash Instead of Password for Authentication" issue. This is exploitable by an attacker who discovers a hash value in the rainmachine-settings.sqlite file.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.006
EPSS Ranking 68.1%
CVSS Severity
CVSS v3 Score 8.1
CVSS v2 Score 6.8
References
Products affected by CVE-2018-6011
-
cpe:2.3:h:rainmachine:mini-8:-
-
cpe:2.3:o:rainmachine:mini-8_firmware:4.0.539
-
cpe:2.3:o:rainmachine:mini-8_firmware:4.0.558
-
cpe:2.3:o:rainmachine:mini-8_firmware:4.0.574
-
cpe:2.3:o:rainmachine:mini-8_firmware:4.0.636
-
cpe:2.3:o:rainmachine:mini-8_firmware:4.0.700
-
cpe:2.3:o:rainmachine:mini-8_firmware:4.0.712
-
cpe:2.3:o:rainmachine:mini-8_firmware:4.0.750
-
cpe:2.3:o:rainmachine:mini-8_firmware:4.0.844
-
cpe:2.3:o:rainmachine:mini-8_firmware:4.0.851
-
cpe:2.3:o:rainmachine:mini-8_firmware:4.0.900
-
cpe:2.3:o:rainmachine:mini-8_firmware:4.0.925
-
cpe:2.3:o:rainmachine:mini-8_firmware:4.0.926
-
cpe:2.3:o:rainmachine:mini-8_firmware:4.0.974
-
cpe:2.3:o:rainmachine:mini-8_firmware:4.0.975