Name of the Vulnerable Software and Affected Versions ЕКRASMS-SP (affected versions not specified)

Description The issue is related to the implementation of the interaction protocol between the "АРМ Релейщика" software and the "Сервер связи" software of the ЕКRASMS-SP complex. It is caused by the lack of a hashing procedure and the presence of predefined authentication data used for password encryption during transmission and storage. This could allow a remote attacker to recover passwords if the user database is compromised or an authentication packet is intercepted.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.