PT-2012-4442 · Iconics · Bizviz+1

Published: 2012-07-31 · Updated: 2012-07-31 · CVE-2012-3018

CVSS v2.0: 4.4 (Medium)

Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

ICONICS GENESIS32 versions 9.22 and earlier
BizViz versions 9.22 and earlier

Description

The issue concerns the lockout-recovery feature in the Security Configurator component, which uses an improper encryption algorithm for generating an authentication code. This allows local users to bypass intended access restrictions and obtain administrative access by predicting a challenge response.

Recommendations

For ICONICS GENESIS32 versions 9.22 and earlier, update to a version that addresses the improper encryption algorithm used in the lockout-recovery feature. For BizViz versions 9.22 and earlier, update to a version that addresses the improper encryption algorithm used in the lockout-recovery feature.

Related Identifiers

CVE-2012-3018

Affected Products

Bizviz
Iconics Genesis32