A Cryptographic Issue vulnerability has been found on IBERMATICA RPS, affecting version 2019. By firstly downloading the log file, an attacker could retrieve the SQL query sent to the application in plaint text. This log file contains the password hashes coded with AES-CBC-128 bits algorithm, which can be decrypted with a .NET function, obtaining the username's password in plain text.
History

Mon, 23 Sep 2024 18:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-327
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: INCIBE

Published: 2023-10-03T13:26:03.410Z

Updated: 2024-09-23T17:18:21.586Z

Reserved: 2023-06-21T11:12:47.284Z

Link: CVE-2023-3350

cve-icon Vulnrichment

Updated: 2024-08-02T06:55:03.344Z

cve-icon NVD

Status : Modified

Published: 2023-10-03T14:15:10.927

Modified: 2024-09-23T18:35:05.753

Link: CVE-2023-3350

cve-icon Redhat

No data.