PT-2019-16763 · Premisys · Premisys Identicard

Published: 2019-01-18 · Updated: 2022-12-03 · CVE-2019-3908

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions: Premisys Identicard version 3.1.190

Description: The issue concerns the storage of backup files as encrypted zip files with a hard-coded and unchangeable password. This allows an attacker with access to these backups to decrypt them and obtain sensitive data.

Recommendations: For Premisys Identicard version 3.1.190, consider changing the backup storage mechanism to one that uses a secure, user-defined password or encryption key, and ensure that access to backups is strictly controlled. As a temporary workaround, restrict access to the backup files to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
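
To support the workaround, here is an added example (not from the advisory or the vendor): a Python inventory of zip backups that flags archives whose entries are password-encrypted and whose file is readable by accounts other than the owner. The directory argument, the `cards.db` entry name and the sample archive are constructed assumptions; the permission test uses POSIX mode bits, so on Windows review the NTFS ACL instead.

```python
import stat
import zipfile
from pathlib import Path

ENCRYPTED_FLAG = 0x1  # bit 0 of the zip general-purpose flags: entry is password-encrypted


def audit_backups(backup_dir):
    """Return one finding per zip archive under backup_dir (hypothetical location)."""
    findings = []
    for path in sorted(Path(backup_dir).rglob("*.zip")):
        try:
            with zipfile.ZipFile(path) as zf:
                entries = zf.infolist()  # reads the central directory only, no password needed
        except zipfile.BadZipFile:
            findings.append({"path": str(path), "error": "not a readable zip"})
            continue
        encrypted = sum(1 for e in entries if e.flag_bits & ENCRYPTED_FLAG)
        mode = path.stat().st_mode
        findings.append({
            "path": str(path),
            "entries": len(entries),
            "encrypted_entries": encrypted,
            # POSIX mode bits only; on Windows review the NTFS ACL instead.
            "readable_beyond_owner": bool(mode & (stat.S_IRGRP | stat.S_IROTH)),
        })
    return findings


def needs_attention(finding):
    """True for a password-protected archive that accounts other than the owner can read."""
    return bool(finding.get("encrypted_entries")) and finding["readable_beyond_owner"]


def make_constructed_sample(path):
    """Write a constructed one-entry zip and set the encrypted flag in its central directory."""
    with zipfile.ZipFile(path, "w") as zf:
        zf.writestr("cards.db", "constructed sample data")  # hypothetical entry name
    raw = bytearray(Path(path).read_bytes())
    cd = raw.rfind(b"PK\x01\x02")   # central directory file header signature
    raw[cd + 8] |= ENCRYPTED_FLAG   # low byte of the general-purpose flags field
    Path(path).write_bytes(bytes(raw))


if __name__ == "__main__":
    import sys
    for f in audit_backups(sys.argv[1] if len(sys.argv) > 1 else "."):
        print("REVIEW" if needs_attention(f) else "ok    ", f)
```

Archives reported as `REVIEW` are the ones to move behind tighter access controls first, since the zip password gives them no protection of its own.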

Weakness Enumeration: Using Hardcoded Credentials

Related Identifiers: CVE-2019-3908

Affected Products: Premisys Identicard