CVE-2019-10855

Name of the Vulnerable Software and Affected Versions Computrols CBAS version 18.0.0

Description The issue concerns the mishandling of password hashes. Specifically, it uses the MD5 hashing algorithm with a 'pw' prefix. For example, if the password is 'admin', it calculates the MD5 hash of 'pwadmin' and stores this hash in a MySQL database.

Recommendations For version 18.0.0, consider updating the password hashing mechanism to a more secure algorithm to mitigate the risk of exploitation. As a temporary workaround, restrict access to the password storage and retrieval functions to minimize the risk of unauthorized access.