CVE-2023-5719
Summary
A vulnerability in the Crimson 3.2 configuration tool for Windows allows administrative users to set passwords containing a percent (%) character. Such a password can end up containing invalid values and may be truncated if a NUL character is encountered, which leaves devices in a vulnerable state with credentials that are easier to compromise. The issue does not affect passwords entered via the Crimson system web server.
IFF Assessment
The vulnerability allows for easier credential compromise, directly benefiting attackers.
Severity
Defender Context
This vulnerability highlights the importance of input validation, especially for sensitive data like passwords. Defenders should ensure that systems handling configuration and user credentials are up to date, and that administrators are aware of potentially insecure password practices, such as using special characters that might not be properly handled.