PT-2020-14837 · GE Digital · GE Digital APM Classic

Published: 2020-09-23 · Updated: 2021-11-22 · CVE-2020-16244

CVSS v3.1: 7.2 (High)

Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

GE Digital APM Classic versions 4.4 and prior

Description

The issue is a design flaw: password hashes are calculated without a salt, which makes it possible to recover the passwords from their hashes. Combined with an IDOR vulnerability, this puts the entire platform at high risk. An authenticated user can retrieve all user account data and then recover the actual passwords.

Recommendations

For GE Digital APM Classic versions 4.4 and prior, consider implementing additional security measures to protect user account data, such as using a salt when calculating password hashes and addressing the IDOR vulnerability to prevent unauthorized access. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Related Identifiers: CVE-2020-16244

Affected Products: GE Digital APM Classic