PT-2020-9625 · Red Hat · Business Central
Paramvir Jindal · Published 2020-03-05 · Updated 2023-02-12 · CVE-2019-14886
CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
business-central as shipped in rhdm-7.5.1
business-central as shipped in rhpam-7.5.1
Description
A vulnerability was found in business-central where encoded passwords are stored in the errai security context. The encoding used for storing the passwords is Base64, not an encryption algorithm, and any recovery of these passwords could lead to user passwords being exposed.
Recommendations
For business-central as shipped in rhdm-7.5.1, consider updating the password storage mechanism to use a secure encryption algorithm.
For business-central as shipped in rhpam-7.5.1, consider updating the password storage mechanism to use a secure encryption algorithm.
As a temporary workaround, consider restricting access to the errai security context to minimize the risk of password exposure.
Fix
Cleartext Storage of Sensitive Information
Weakness Enumeration
Related Identifiers
Affected Products
Business Central