PT-2020-15283 · Sick · Sick Package Analytics

Published

2020-07-29

Updated

2020-08-03

CVE-2020-2078

CVSS v3.1

6.5

Medium

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions SICK Package Analytics software versions up to and including V04.1.1

Description The issue concerns the storage of passwords in plain text within the configuration of the software. This allows an authorized attacker to access the stored plaintext credentials, potentially gaining access to the ftp service and compromising personal or sensitive information.

Recommendations For versions up to and including V04.1.1, update to a version that securely stores passwords, ensuring that plaintext credentials are no longer accessible to authorized attackers.

Fix

Insufficiently Protected Credentials

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-522

Related Identifiers

CVE-2020-2078

Affected Products

Sick Package Analytics

PT-2020-15283 · Sick · Sick Package Analytics

CVE-2020-2078

Weakness Enumeration

Related Identifiers

Affected Products

References · 3