CVE-2019-3906

CVSS v2.0

9.0

High

Vector

AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Premisys Identicard version 3.1.190

Description The issue concerns hardcoded credentials in the WCF service on port 9003. An authenticated remote attacker can exploit these credentials to access and modify the badge system database.

Recommendations For Premisys Identicard version 3.1.190, consider changing the hardcoded credentials in the WCF service to prevent unauthorized access. As a temporary workaround, restrict access to the WCF service on port 9003 to minimize the risk of exploitation.

Fix

Using Hardcoded Credentials

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-798

Related Identifiers

CVE-2019-3906

Affected Products

Premisys Identicard

CVE-2019-3906

Weakness Enumeration

Related Identifiers

Affected Products

References · 5