exploitDog

CVE-2021-3833

Опубликовано: 07 окт. 2021

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

Integria IMS login check uses a loose comparator ("==") to compare the MD5 hash of the password provided by the user and the MD5 hash stored in the database. An attacker with a specific formatted password could exploit this vulnerability in order to login in the system with different passwords.

Ссылки

https://integriaims.com/en/services/updates/
Release Notes
Vendor Advisory
https://www.incibe.es/en/incibe-cert/notices/aviso/integria-ims-incorrect-authorization
https://integriaims.com/en/services/updates/
Release Notes
Vendor Advisory
https://www.incibe.es/en/incibe-cert/notices/aviso/integria-ims-incorrect-authorization

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:artica:integria_ims:5.0.92:*:*:*:*:*:*:*

EPSS

Процентиль: 69%

0.00607

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-697

CWE-697

Связанные уязвимости

GHSA-5pf8-m5c6-qc44

CVSS3: 9.8

github

больше 3 лет назад

Integria IMS login check uses a loose comparator ("==") to compare the MD5 hash of the password provided by the user and the MD5 hash stored in the database. An attacker with a specific formatted password could exploit this vulnerability in order to login in the system with different passwords.

EPSS

Процентиль: 69%

0.00607

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-697

CWE-697