The NCCIC has released an advisory on authentication bypass using an alternate path or channel and insufficiently protected credentials vulnerabilities in Circontrol CirCarLife. All versions prior to 4.3.1 are affected. Successful exploitation of these vulnerabilities could allow a remote attacker to retrieve credentials stored in clear text to bypass authentication, and see and access critical information. Circontrol has released a new version of the software. The NCCIC also recommends a series of defensive measures to minimize the risk of exploitation of these vulnerabilities. NCCIC/ICS-CERT.