Security Issue: Installer should not be able to download full backup config

Dear Cambium,

I already contacted support which suggest me to add an Idea.

As installer user there is the ability to download full backup config, containing also the admin password hash. (md5)

This could be cracked, so I classify this as Information Leakage that could bring to Privilege Escalation.

I was unable to contact security@<mail>

I'm waiting for feedback.


Sorry for some missing informations. The affected product is: ePMP 1000 version 3.5.1