PT-2021-9153 · Psyprax · Psyprax

Published 2021-02-05 · Updated 2021-07-21 · CVE-2020-10554

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions: Psyprax versions prior to 3.2.2

Description: An issue was discovered where passwords used to encrypt data are stored in the database in an obfuscated format, which can be easily reverted. For example, the password AAAAAAAA is stored in the database as MMMMMMMM.

Recommendations: For versions prior to 3.2.2, update to version 3.2.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the database to minimize the risk of exploitation. Avoid using weak passwords and ensure that all passwords are complex and unique to prevent easy reversal of the obfuscated format.

Fix

Weakness Enumeration

Insufficiently Protected Credentials

Inadequate Encryption Strength

Related Identifiers

CVE-2020-10554

Affected Products

Psyprax