A Cryptographic Issue vulnerability has been found on IBERMATICA RPS, affecting version 2019. By firstly downloading the log file, an attacker could retrieve the SQL query sent to the application in plaint text. This log file contains the password hashes coded with AES-CBC-128 bits algorithm, which can be decrypted with a .NET function, obtaining the username's password in plain text.
Metrics
Affected Vendors & Products
References
History
Mon, 23 Sep 2024 18:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Weaknesses | CWE-327 | |
Metrics |
ssvc
|
MITRE
Status: PUBLISHED
Assigner: INCIBE
Published: 2023-10-03T13:26:03.410Z
Updated: 2024-09-23T17:18:21.586Z
Reserved: 2023-06-21T11:12:47.284Z
Link: CVE-2023-3350
Vulnrichment
Updated: 2024-08-02T06:55:03.344Z
NVD
Status : Modified
Published: 2023-10-03T14:15:10.927
Modified: 2024-09-23T18:35:05.753
Link: CVE-2023-3350
Redhat
No data.