Описание
Prima Systems FlexAir devices allow authentication with MD5 hashes directly.
Prima Systems FlexAir devices allow authentication with MD5 hashes directly.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2019-7666
- https://applied-risk.com/labs/advisories
- https://www.applied-risk.com/resources/ar-2019-007
- https://www.us-cert.gov/ics/advisories/icsa-19-211-02
- http://packetstormsecurity.com/files/155262/Prima-FlexAir-Access-Control-2.3.35-Database-Backup-Predictable-Name.html
Связанные уязвимости
CVSS3: 8.8
nvd
больше 6 лет назад
Prima Systems FlexAir, Versions 2.3.38 and prior. The application allows improper authentication using the MD5 hash value of the password, which may allow an attacker with access to the database to login as admin without decrypting the password.