exploitDog

CVE-2022-25577

Опубликовано: 25 мар. 2022

Источник: nvd

CVSS3: 9.1

CVSS2: 6.4

EPSS Низкий

Описание

ALF-BanCO v8.2.5 and below was discovered to use a hardcoded password to encrypt the SQLite database containing the user's data. Attackers who are able to gain remote or local access to the system are able to read and modify the data.

Ссылки

https://github.com/ph0nkybit/proof-of-concepts/tree/main/Use_Of_Hardcoded_Password_In_ALF-BanCO_8.2.x
Exploit
Third Party Advisory
https://github.com/ph0nkybit/proof-of-concepts/tree/main/Use_Of_Hardcoded_Password_In_ALF-BanCO_8.2.x
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:alf-banco:alf-banco:*:*:*:*:*:*:*:*

Версия от 8.2.3 (включая) до 8.2.5 (включая)

EPSS

Процентиль: 50%

0.00267

Низкий

9.1 Critical

CVSS3

6.4 Medium

CVSS2

Дефекты

CWE-798

Связанные уязвимости

GHSA-qvg3-jj6j-c973

CVSS3: 9.1

github

почти 4 года назад

ALF-BanCO v8.2.5 and below was discovered to use a hardcoded password to encrypt the SQLite database containing the user's data. Attackers who are able to gain remote or local access to the system are able to read and modify the data.

EPSS

Процентиль: 50%

0.00267

Низкий

9.1 Critical

CVSS3

6.4 Medium

CVSS2

Дефекты

CWE-798