PT-2020-12805 · Programi · Programi Bilanc

Georg Ph E Heise

Published

2020-12-18

Updated

2021-07-21

CVE-2020-11719

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Programi Bilanc versions prior to build 007 release 014 31.01.2020

Description An issue was discovered that relies on broken encryption with a weak and guessable static encryption key.

Recommendations For versions prior to build 007 release 014 31.01.2020, consider updating to a newer version that addresses the broken encryption issue. As a temporary workaround, restrict access to sensitive data that may be encrypted with the weak key until a patch is available.

Fix

Using Hardcoded Credentials

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-798

Related Identifiers

CVE-2020-11719

Affected Products

Programi Bilanc

PT-2020-12805 · Programi · Programi Bilanc

CVE-2020-11719

Weakness Enumeration

Related Identifiers

Affected Products

References · 6