Full title: QiHang Media Web Digital Signage 3.0.9 Credential Disclosure Vulnerability 
Category: web applications
Platform: hardware
QiHang Media Web Digital Signage version 3.0.9 suffers from a clear-text credential disclosure vulnerability that allows an unauthenticated attacker to issue a request to an unprotected directory that hosts an XML file /xml/User/User.xml and obtain administrative login information that allows for a successful authentication bypass attack.

# 0day.today @ http://0day.today/