PT-2022-17379 · Alf-Banco · Alf-Banco

Nicolò Tescari

Published

2022-03-25

Updated

2022-03-31

CVE-2022-25577

CVSS v3.1

9.1

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions ALF-BanCO versions 8.2.5 and below

Description The issue concerns the use of a hardcoded password to encrypt the SQLite database containing user data. Attackers with remote or local access to the system can read and modify the data.

Recommendations For versions 8.2.5 and below, consider changing the hardcoded password to a unique, secure password for each user, and restrict access to the SQLite database to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Using Hardcoded Credentials

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-798

Related Identifiers

CVE-2022-25577

Affected Products

Alf-Banco

PT-2022-17379 · Alf-Banco · Alf-Banco

CVE-2022-25577

Weakness Enumeration

Related Identifiers

Affected Products

References · 4