PT-2023-26941 · Unknown · Irm Next Generation
Adrian Schipor
+2
·
Published
2023-09-07
·
Updated
2023-09-12
·
CVE-2023-39420
CVSS v3.1
9.9
Critical
| Vector | AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
IRM Next Generation booking engine (affected versions not specified)
Description
The RDPCore.dll component in the IRM Next Generation booking engine allows a remote user to connect to customers with an "admin" account and a corresponding password computed daily by a routine inside the DLL file. Once reverse-engineered, this routine can help an attacker generate the daily password and connect to application customers, giving them full, unrestricted access to the application.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Using Hardcoded Credentials
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Irm Next Generation