Helpdesk 3.0.1 Use of Hard-coded Credentials Vulnerability

Published on August 13th, 2020

Summary

This improper access control vulnerability in Helpdesk allows attackers to get control of QNAP Kayako service.

Credit:

The information has been provided by Yoni Ramon

The original article can be found at:https://www.qnap.com/zh-tw/security-advisory/qsa-20-03

Details

Attackers can access the sensitive data on QNAP Kayako server with API keys. We have replaced the API key to mitigate the vulnerability, and already fixed the issue in Helpdesk 3.0.1 and later versions.

Vulnerable Systems:

Helpdesk 3.0.1

CVE Information:

CVE-2020-2500

Disclosure Timeline:
Published Date:7/1/2020

Helpdesk 3.0.1 Use of Hard-coded Credentials Vulnerability

Summary

Credit:

Details

Featured News

HUAWEI P30 with versions earlier than 10.1.0.160 Exposure of Sensitive Information to an Unauthorized Actor Vulnerability

Featured News

HUAWEI P30 with versions earlier than 10.1.0.135 Improper Verification of Cryptographic Signature Vulnerability

Featured News

HUAWEI P30 smartphone versions 10.1.0.135 Exposure of Sensitive Information to an Unauthorized Actor Vulnerability

Helpdesk 3.0.1 Use of Hard-coded Credentials Vulnerability

Summary

Credit:

Details

Related Posts

Featured News

HUAWEI P30 with versions earlier than 10.1.0.160 Exposure of Sensitive Information to an Unauthorized Actor Vulnerability

Featured News

HUAWEI P30 with versions earlier than 10.1.0.135 Improper Verification of Cryptographic Signature Vulnerability

Featured News

HUAWEI P30 smartphone versions 10.1.0.135 Exposure of Sensitive Information to an Unauthorized Actor Vulnerability