Mutare Security Advisory
| Advisory ID | MUTARE-2021-006 |
| Severity | Low |
| CVE | TBD |
| Published Date | February 5, 2021 |
| Revision Date | — |
Overview
License checker tool reveals custom hash.
Affected Products/Versions
Mutare Voice (EVM), 3.0.0-3.3.7
Vulnerability Details
On the admin portal of the Mutare Voice (EVM) web application, the “Update License Key” link reveals a tool that can be used to decode an entered custom hash that could be used to determine.
Workarounds
The editkey.asp file can be removed from the application.
Solution
Upgrading Mutare Voice (EVM) to release 3.3.8 fixes the vulnerability by updating the tool to never show the license key itself.
References
None
Acknowledgements
Mutare would like to thank Tesla for reporting this issue and working with Mutare to help protect our customers.