Campbell Scientific CSI Web Server and RTMC Pro products store web authentication credentials in a file with a predictable filename, using weakly encoded passwords. The vulnerability requires local file access or prior compromise, as there is no known remote vector to retrieve the credential file unless it has been manually renamed. If an attacker obtains this file, passwords can be decoded and reused for [truncated]
A path traversal vulnerability in Campbell Scientific CSI Web Server allows unauthenticated remote attackers to access files outside the webserver root directory. The vulnerability exists in a command that returns the most recent file matching a given expression; when combined with a specially crafted expression, this permits directory traversal. Anonymous access is enabled by default, exposing affected s [truncated]
