CVE-2019-5723 - Inadequate Encryption Strength

Severity

50%

Complexity

99%

Confidentiality

48%

An issue was discovered in portier vision 4.4.4.2 and 4.4.4.6. Passwords are stored using reversible encryption rather than as a hash value, and the used Vigenere algorithm is badly outdated. Moreover, the encryption key is static and too short. Due to this, the passwords stored by the application can be easily decrypted.

An issue was discovered in portier vision 4.4.4.2 and 4.4.4.6. Passwords are stored using reversible encryption rather than as a hash value, and the used Vigenere algorithm is badly outdated. Moreover, the encryption key is static and too short. Due to this, the passwords stored by the application can be easily decrypted.

CVSS 3.0 Base Score 9.8. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

CVSS 2.0 Base Score 5. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N).

Overview

Type

Portier

First reported 5 years ago

2019-03-21 16:01:00

Last updated 5 years ago

2019-03-22 18:01:00

Affected Software

Portier 4.4.4.2

4.4.4.2

Portier 4.4.4.6

4.4.4.6

References

http://packetstormsecurity.com/files/151118/PORTIER-4.4.4.2-4.4.4.6-Cryptographic-Issues.html

Exploit, Third Party Advisory, VDB Entry

20190111 [SYSS-2018-011] Portier - Cryptographic Issues

Exploit, Mailing List, Third Party Advisory

https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2018-011.txt

Exploit, Third Party Advisory

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.