CVE-2021-41286

Name of the Vulnerable Software and Affected Versions Omikron MultiCash Desktop version 4.00.008.SP5

Description The issue arises from a client-side authentication mechanism. When a user logs in, the password validity is checked locally. All database backend communication uses the same technical account. An attacker can exploit this by attaching a debugger to the process or creating a patch that manipulates the login function to always return a success value, allowing login with any account, including the administrative account.

Recommendations For Omikron MultiCash Desktop version 4.00.008.SP5, consider disabling the login function until a patch is available to prevent exploitation. Restrict access to the administrative account to minimize risk. Avoid using the application until a fix is provided. At the moment, there is no information about a newer version that contains a fix for this vulnerability.