PT-2021-20215 · Microsoft+1 · Sql Server+1

Philipp Mao

Published

2021-09-30

Updated

2021-10-12

CVE-2021-33583

CVSS v2.0

Critical

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions REINER timeCard version 6.05.07

Description The issue concerns a hardcoded sa password in the TCServer.jar file for a Microsoft SQL Server installed by REINER timeCard. This hardcoded password could potentially allow unauthorized access to the SQL Server.

Recommendations For REINER timeCard version 6.05.07, consider changing the hardcoded sa password in the TCServer.jar file to a secure, unique password to prevent unauthorized access. As a temporary workaround, restrict access to the SQL Server instance installed by REINER timeCard to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Using Hardcoded Credentials

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-798

Related Identifiers

CVE-2021-33583

Affected Products

Sql Server

Reiner Timecard

PT-2021-20215 · Microsoft+1 · Sql Server+1

CVE-2021-33583

Weakness Enumeration

Related Identifiers

Affected Products

References · 5