CVE-2022-41400

Name of the Vulnerable Software and Affected Versions Sage 300 versions through 2022

Description The issue involves the use of a hard-coded 40-byte blowfish key for encrypting and decrypting user passwords and SQL connection strings stored in ISAM database files. This could allow attackers to decrypt user passwords and SQL connection strings.

Recommendations For Sage 300 versions through 2022, consider changing the hard-coded blowfish key to a unique, securely generated key for each installation to prevent decryption of user passwords and SQL connection strings. At the moment, there is no information about a newer version that contains a fix for this vulnerability.