PT-2012-4442 · Iconics · Bizviz+1

Published 2012-07-31 · Updated 2012-07-31 · CVE-2012-3018

CVSS v2.0: 4.4 (Medium)
Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
ICONICS GENESIS32 versions 9.22 and earlier
BizViz versions 9.22 and earlier
Description
The issue concerns the lockout-recovery feature in the Security Configurator component, which uses an improper encryption algorithm for generating an authentication code. This allows local users to bypass intended access restrictions and obtain administrative access by predicting a challenge response.
Recommendations
For ICONICS GENESIS32 and BizViz versions 9.22 and earlier, update to a version that addresses the improper encryption algorithm used in the lockout-recovery feature.

Fix

Weakness Enumeration

Related Identifiers

CVE-2012-3018

Affected Products

Bizviz
Iconics Genesis32