PT-2019-13979 · Prise · Prise Adas
Publicado
2019-09-20
·
Atualizado
2020-08-24
·
CVE-2019-15088
CVSS v3.1
9.8
Crítica
| Vetor | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
PRiSE adAS version 1.7.0
Description
An issue was discovered where password hashes are compared using the equality operator, allowing potential bypass of login authentication under specific circumstances.
Recommendations
For PRiSE adAS version 1.7.0, consider updating the authentication mechanism to use a secure comparison method to prevent potential bypass of login authentication. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Identificadores relacionados
Produtos afetados
Prise Adas