Описание
Computrols CBAS 18.0.0 mishandles password hashes. The approach is MD5 with a pw prefix, e.g., if the password is admin, it will calculate the MD5 hash of pwadmin and store it in a MySQL database.
Ссылки
- Third Party Advisory
- Third Party Advisory
- Third Party Advisory
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 19.0.0 (включая)
cpe:2.3:a:computrols:computrols_building_automation_software:*:*:*:*:*:*:*:*
EPSS
Процентиль: 36%
0.00148
Низкий
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
CWE-326
Связанные уязвимости
github
больше 3 лет назад
Computrols CBAS 18.0.0 mishandles password hashes. The approach is MD5 with a pw prefix, e.g., if the password is admin, it will calculate the MD5 hash of pwadmin and store it in a MySQL database.
EPSS
Процентиль: 36%
0.00148
Низкий
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
CWE-326