CVE-2023-37755

Published: 14/09/2023 Updated: 07/11/2023
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 0

Vulnerability Summary

i-doit pro 25 and below and i-doit open 25 and below are configured with insecure default administrator credentials, and there is no warning or prompt to ask users to change the default password and account name. Unauthenticated attackers can exploit this vulnerability to obtain Administrator privileges, resulting in them being able to perform arbitrary system operations or cause a Denial of Service (DoS).

Vulnerable Product

i-doit i-doit

Github Repositories

CVE-2023-37755 - Hardcoded Admin Credential in i-doit Pro 25 and below

i-doit Pro 25 and below are vulnerable to a hardcoded admin credential vulnerability. These vulnerabilities could allow anyone to log in as admin with just username “admin” and password “admin”. Description of product: i-doit is a web based Open Source IT documentation and CMDB (Configu