PT-2022-7727 · Telecommunication · Samwin Contact Center Suite+1

Max Moser

Published

2022-05-24

Updated

2022-06-08

CVE-2013-10004

CVSS v3.1

6.5

Medium

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions Telecommunication Software SAMwin Contact Center Suite version 5.1

Description A critical issue was found in the Password Handler component, specifically affecting the passwordScramble function in the SAMwinLIBVB.dll library. This is due to an incorrect implementation of a hashing function, leading to predictable authentication possibilities.

Recommendations For Telecommunication Software SAMwin Contact Center Suite version 5.1, upgrade to version 6.2 to address the issue. It is recommended to upgrade the affected Password Handler component.

Exploit

Fix

Improper Restriction of Excessive Authentication Attempts

Improper Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-307CWE-287

Related Identifiers

CVE-2013-10004

Affected Products

Samwin Contact Center Suite

Samwinlibvb.Dll

PT-2022-7727 · Telecommunication · Samwin Contact Center Suite+1

CVE-2013-10004

Weakness Enumeration

Related Identifiers

Affected Products

References · 4