CVE-2021-3833

Sažetak

Integria IMS login check uses a loose comparator ("==") to compare the MD5 hash of the password provided by the user and the MD5 hash stored in the database. An attacker with a specific formatted password could exploit this vulnerability in order to login in the system with different passwords.

Reference

https://integriaims.com/en/services/updates/
https://www.incibe.es/en/incibe-cert/notices/aviso/integria-ims-incorrect-authorization

CVSS

Base:	7.5
Impact:	6.4
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

17-09-2024 - 00:15

Objavljeno

07-10-2021 - 16:15