PT-2022-8944 · Fiserv · Fiserv Prologue

Published: 2022-08-23 · Updated: 2022-08-25 · CVE-2020-35992

CVSS v3.1: 6.5 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Fiserv Prologue through 2020-12-16

Description

The issue arises from improper protection of the database password. An attacker who gains access to the configuration file appconfig.ini can decrypt the password stored in its LogPassword attribute. This yields cleartext credentials for the database, allowing access to customer financial records and potentially enabling remote database login.

Recommendations

For Fiserv Prologue through 2020-12-16, consider restricting access to the configuration file appconfig.ini so that the LogPassword attribute cannot be read by unauthorized users until a proper fix is applied. Additionally, limit remote login capabilities to the database to minimize potential exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Insufficiently Protected Credentials

Related Identifiers

CVE-2020-35992

Affected Products

Fiserv Prologue