Sick: >> Media Server >> 1.5 Security Vulnerabilities
The Media Server’s authorization tokens have a poor quality of randomness. An attacker may be able to guess the token of an active user by computing plausible tokens.
CVSS Score
3.1
EPSS Score
0.001
Published
2025-06-12
The server supports authentication methods in which credentials are sent in plaintext over unencrypted channels. If an attacker were to intercept traffic between a client and this server, the credentials would be exposed.
CVSS Score
7.5
EPSS Score
0.001
Published
2025-06-12
The FTP server’s login mechanism does not restrict authentication attempts, allowing an attacker to brute-force user passwords and potentially compromising the FTP server.
CVSS Score
5.3
EPSS Score
0.002
Published
2025-06-12
All communication with the REST API is unencrypted (HTTP), allowing an attacker to intercept traffic between an actor and the webserver. This leads to the possibility of information gathering and downloading media files.
CVSS Score
7.5
EPSS Score
0.001
Published
2025-06-12