PT-2019-13979 · Prise · Prise Adas
Published
2019-09-20
·
Updated
2020-08-24
·
CVE-2019-15088
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
PRiSE adAS version 1.7.0
Description
An issue was discovered where password hashes are compared using the equality operator, allowing potential bypass of login authentication under specific circumstances.
Recommendations
For PRiSE adAS version 1.7.0, consider updating the authentication mechanism to use a secure comparison method to prevent potential bypass of login authentication. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Prise Adas