Описание
Sage 300 through 2022 uses a hard-coded 40-byte blowfish key to encrypt and decrypt user passwords and SQL connection strings stored in ISAM database files in the shared data directory. This issue could allow attackers to decrypt user passwords and SQL connection strings.
Уязвимые конфигурации
Конфигурация 1Версия до 2022 (включая)
cpe:2.3:a:sage:sage_300:*:*:*:*:*:*:*:*
EPSS
Процентиль: 25%
0.00087
Низкий
9.8 Critical
CVSS3
Дефекты
CWE-798
CWE-798
Связанные уязвимости
CVSS3: 9.8
github
почти 3 года назад
Sage 300 through 2022 uses a hard-coded 40-byte blowfish key to encrypt and decrypt user passwords and SQL connection strings stored in ISAM database files in the shared data directory. This issue could allow attackers to decrypt user passwords and SQL connection strings.
EPSS
Процентиль: 25%
0.00087
Низкий
9.8 Critical
CVSS3
Дефекты
CWE-798
CWE-798