Suggested description
The Ericsson-LG iPECS NMS A.1Ac web application discloses sensitive information such as the NMS admin credentials and the PostgreSQL database credentials to logged-in users via the responses to certain HTTP POST requests. In order to be able to see the credentials in cleartext, an attacker needs to be authenticated.
Vulnerability Type
Credential disclosure
Vendor of Product
Ericsson-LG
Affected Product Code Base
iPECS NMS - A.1Ac
Attack Type
Remote
Reference
https://www.youtube.com/watch?v=ah3MLcAURlc
https://www.ipecs.com/site/lgericsson/menu/158.do?scene=detail&productNo=45
Discoverer
Berk Cem Goksel
CVE-2018-10286