PT-2025-41886 · Unknown · Sipass Integrated
Published: 2025-10-14 · Updated: 2025-10-14
CVE-2025-40774
CVSS v4.0: 6.7 (Medium)
Vector: AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Name of the Vulnerable Software and Affected Versions
SiPass integrated versions prior to 3.0
Description
The software stores user passwords encrypted in its database. Decryption keys are accessible to users with administrative privileges, potentially allowing an attacker to recover passwords. Successful exploitation could lead to unauthorized access to user accounts, data breaches, and system compromise.
Recommendations
Update to version 3.0 or later.
Fix
LPE
Affected Products
Sipass Integrated