PT-2021-23275 · Unknown · Wallstreet Suite Trm
Dominique Righetto
·
Published
2021-10-15
·
Updated
2024-08-04
·
CVE-2021-41320
CVSS v3.1
5.5
Medium
| Vector | AC:L/AV:L/A:N/C:H/I:N/PR:L/S:U/UI:N |
Name of the Vulnerable Software and Affected Versions
Wallstreet Suite TRM version 7.4.83
Description
A technical user has hardcoded credentials with higher privilege than the average authenticated user. The vendor disputes this claim, stating that the password is not hardcoded as it can be changed during installation or at any later time.
Recommendations
For Wallstreet Suite TRM version 7.4.83, consider changing the default credentials during installation or at a later time to mitigate the risk of exploitation. As a temporary workaround, restrict access to the technical user account with higher privileges until the issue is resolved.
Fix
Using Hardcoded Credentials
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Wallstreet Suite Trm