PT-2023-24367 · Ibermatica · Ibermatica Rps

Francisco Javier Medina Munuera · Published 2023-10-03 · Updated 2024-09-23 · CVE-2023-3350

CVSS v3.1: 8.2 High

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

Name of the Vulnerable Software and Affected Versions: IBERMATICA RPS version 2019

Description: A cryptographic issue has been found that allows an attacker to download a log file and read, in plain text, the SQL queries sent to the application. The log file contains password hashes encrypted with the AES-CBC 128-bit algorithm, which can be decrypted using a .NET function to obtain the user's password in plain text.

Recommendations: For IBERMATICA RPS version 2019, consider restricting access to the log file to prevent unauthorized downloads, and avoid using the .NET function to decrypt password hashes until a patch is available. As a temporary workaround, consider implementing additional security measures to protect password hashes, such as using a more secure encryption algorithm or hashing method. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration: Use of a Broken Cryptographic Algorithm; Insertion into Log File

Related Identifiers: CVE-2023-3350

Affected Products: Ibermatica Rps