Mutare Security Advisory
|Published Date||February 5, 2021|
License checker tool reveals custom hash.
Mutare Voice (EVM), 3.0.0-3.3.7
On the admin portal of the Mutare Voice (EVM) web application, the “Update License Key” link reveals a tool that can be used to decode an entered custom hash that could be used to determine.
The editkey.asp file can be removed from the application.
Upgrading Mutare Voice (EVM) to release 3.3.8 fixes the vulnerability by updating the tool to never show the license key itself.
Mutare would like to thank Tesla for reporting this issue and working with Mutare to help protect our customers.