Mutare Security Advisory

Advisory IDMUTARE-2021-006
SeverityLow
CVETBD
Published DateFebruary 5, 2021
Revision Date

Overview

License checker tool reveals custom hash.

Affected Products/Versions

Mutare Voice (EVM), 3.0.0-3.3.7

Vulnerability Details

On the admin portal of the Mutare Voice (EVM) web application, the “Update License Key” link reveals a tool that can be used to decode an entered custom hash that could be used to determine.

Workarounds

The editkey.asp file can be removed from the application.

Solution

Upgrading Mutare Voice (EVM) to release 3.3.8 fixes the vulnerability by updating the tool to never show the license key itself.

References

None

Acknowledgements

Mutare would like to thank Tesla for reporting this issue and working with Mutare to help protect our customers.