PT-2023-23789 · Alerton · Alerton Acm

Published 2023-06-28 · Updated 2024-08-02 · CVE-2023-3243

CVSS v3.1: 8.3 (High)

Vector: AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L

Name of the Vulnerable Software and Affected Versions

BCM-WEB version 3.3.X

Description

An attacker can capture an authenticating hash and utilize it to create new sessions. The hash is also a poorly salted MD5 hash, which could result in a successful brute force password attack.

Recommendations

Upgrade to a supported product such as Alerton ACM. As a temporary workaround, consider restricting access to the authenticating hash until a patch is available. Avoid using the poorly salted MD5 hash in the affected product until the issue is resolved.

Fix

Weakness Enumeration

Inadequate Encryption Strength

Authentication Bypass by Spoofing

Related identifiers

CVE-2023-3243

Affected products

Alerton Acm