PT-2001-2631 · Pathways · Pathways Homecare
Published
2001-12-31
·
Updated
2025-01-16
·
CVE-2001-1546
CVSS v2.0
4.6
Medium
| Vector | AV:L/AC:L/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
Pathways Homecare version 6.5
Description
The issue concerns the use of weak encryption for user names and passwords. This weakness allows local users to gain privileges by recovering the passwords from the pwhc.ini file.
Recommendations
For Pathways Homecare version 6.5, consider changing the passwords and storing them securely to prevent unauthorized access until a more robust encryption method is implemented. As a temporary workaround, restrict access to the pwhc.ini file to minimize the risk of exploitation.
Exploit
Fix
Inadequate Encryption Strength
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Pathways Homecare