PT-2023-23789 · Alerton · Alerton Acm

Published: 2023-06-28 · Updated: 2024-08-02 · CVE-2023-3243

CVSS v3.1: 8.3 (High)
Vector: AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L

Name of the Vulnerable Software and Affected Versions: BCM-WEB version 3.3.X

Description: An attacker can capture an authenticating hash and utilize it to create new sessions. The hash is also a poorly salted MD5 hash, which could result in a successful brute force password attack.

Recommendations: Upgrade to a supported product such as Alerton ACM. As a temporary workaround, consider restricting access to the authenticating hash until a patch is available. Avoid using the poorly salted MD5 hash in the affected product until the issue is resolved.

Fix

Weakness Enumeration

Inadequate Encryption Strength
Authentication Bypass by Spoofing

Related Identifiers: CVE-2023-3243

Affected Products: Alerton Acm