PT-2021-12596 · Bosch · Bosch Fsm-2500+1
Published: 2021-01-25 · Updated: 2021-02-03
CVE: CVE-2020-6780
CVSS v3.1: 4.9 (Medium)
Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions:
Bosch FSM-2500 server versions up to and including 5.2
Bosch FSM-5000 server versions up to and including 5.2
Description:
The FSM server stores user password hashes in its database as MD5 digests, a hash with insufficient computational effort. A remote attacker who already holds admin privileges can dump the credentials of other users and may recover their plain-text passwords by brute-forcing those MD5 hashes.
Recommendations:
For Bosch FSM-2500 server versions up to and including 5.2, consider updating to a version that uses a more secure password hashing algorithm.
For Bosch FSM-5000 server versions up to and including 5.2, consider updating to a version that uses a more secure password hashing algorithm.
As a temporary workaround, consider restricting access to the database and limiting the privileges of admin users to minimize the risk of exploitation.
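As an added illustration, not Bosch's code or the FSM product's implementation, the following Python sketch shows the shape of the fix the recommendation describes: audit a user table for rows that still hold bare, unsalted MD5 digests, and migrate each such row to a salted PBKDF2-HMAC-SHA256 hash on that user's next successful login. The table layout, column names and sample passwords are constructed assumptions.

```python
import hashlib
import hmac
import os
import re

# Constructed sample table: username -> stored hash. The legacy rows hold an
# unsalted MD5 hex digest, the weak scheme the advisory describes. The layout
# is an assumption for this example, not the FSM database schema.
LEGACY_USERS = {
    "alice": hashlib.md5(b"correct horse").hexdigest(),
    "bob": hashlib.md5(b"hunter2").hexdigest(),
}

MD5_HEX = re.compile(r"^[0-9a-f]{32}$")
PBKDF2_ITERATIONS = 600_000  # OWASP-recommended order of magnitude for PBKDF2-HMAC-SHA256


def is_legacy_md5(stored: str) -> bool:
    """True when a stored value is a bare 32-hex-char MD5 digest (no salt, no parameters)."""
    return bool(MD5_HEX.match(stored))


def audit_legacy(users: dict) -> list:
    """Defender-side check: list accounts whose hashes must still be migrated."""
    return sorted(u for u, h in users.items() if is_legacy_md5(h))


def hash_password(password: str, iterations: int = PBKDF2_ITERATIONS) -> str:
    """Hardened form: per-user random salt and a deliberately slow KDF, self-describing format."""
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Verify against either format; the MD5 branch exists only so old rows can be migrated."""
    if is_legacy_md5(stored):
        return hmac.compare_digest(hashlib.md5(password.encode()).hexdigest(), stored)
    algo, iters, salt_hex, dk_hex = stored.split("$")
    if algo != "pbkdf2_sha256":
        return False
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), bytes.fromhex(salt_hex), int(iters))
    return hmac.compare_digest(dk.hex(), dk_hex)


def login_and_upgrade(users: dict, username: str, password: str) -> bool:
    """On a successful login, transparently replace a legacy MD5 row with PBKDF2."""
    stored = users.get(username)
    if stored is None or not verify_password(password, stored):
        return False
    if is_legacy_md5(stored):
        users[username] = hash_password(password)
    return True
```

Until every row has been migrated, the legacy digests remain brute-forceable, so the audit list is also the list of accounts worth forcing a password reset for.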
Affected Products
Bosch Fsm-2500
Bosch Fsm-5000