Description

Ambiguous wording in the web interface of the ctrlX OS setup mechanism could lead the user to believe that the backup file is encrypted when a password is set. However, only the private key - if available in the backup - is encrypted, while the backup file itself remains unencrypted.

PUBLISHED Reserved 2025-05-27 | Published 2025-08-14 | Updated 2025-08-14 | Assigner bosch




HIGH: 7.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

Problem types

CWE-1104 Use of Unmaintained Third Party Components

CWE-311 Missing Encryption of Sensitive Data

Product status

1.20.0: affected

2.6.0: affected

3.6.0: affected

References

psirt.bosch.com/security-advisories/BOSCH-SA-129652.html vendor-advisory

cve.org (CVE-2025-48862)

nvd.nist.gov (CVE-2025-48862)
