PT-2019-18689 · Prima Systems · Flexair
Published
2019-07-01
·
Updated
2022-10-25
·
CVE-2019-7666
CVSS v3.1
8.8
High
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Prima Systems FlexAir versions 2.3.38 and prior
Description
The issue allows for improper authentication using the MD5 hash value of the
password, potentially enabling an attacker with database access to login as admin without decrypting the password.Recommendations
For versions 2.3.38 and prior, consider updating to a version that uses a more secure authentication mechanism, such as one that does not rely on the MD5 hash value of the
password. As a temporary workaround, restrict access to the database to minimize the risk of exploitation.Exploit
Fix
Improper Authentication
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Flexair