CVE-2020-10554 - OpenCVE

An issue was discovered in Psyprax beforee 3.2.2. Passwords used to encrypt the data are stored in the database in an obfuscated format, which can be easily reverted. For example, the password AAAAAAAA is stored in the database as MMMMMMMM.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:N/C:P/I:N/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Psyprax	Psyprax

Configuration 1 [-]

cpe:2.3:a:psyprax:psyprax:*:*:*:*:*:*:*:*

References

Link	Resource
https://www.x41-dsec.de/lab/advisories/x41-2020-002-psyprax	Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2021-02-05T19:20:15

Updated: 2021-02-05T19:20:15

Reserved: 2020-03-13T00:00:00

Link: CVE-2020-10554

JSON object: View

NVD Information

Status : Analyzed

Published: 2021-02-05T20:15:12.870

Modified: 2021-07-21T11:39:23.747

Link: CVE-2020-10554

JSON object: View

Redhat Information

No data.

CWE

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:psyprax:psyprax:*:*:*:*:*:*:*:*", "matchCriteriaId": "2BF504F8-37CA-41C2-8A4A-78CD57197D2C", "versionEndExcluding": "3.2.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in Psyprax beforee 3.2.2. Passwords used to encrypt the data are stored in the database in an obfuscated format, which can be easily reverted. For example, the password AAAAAAAA is stored in the database as MMMMMMMM."}, {"lang": "es", "value": "Se detect\u00f3 un problema en Psyprax versiones anteriores a 3.2.2. Las contrase\u00f1as usadas para cifrar los datos que son almacenados en la base de datos en un formato ofuscado, que puede ser f\u00e1cilmente revertido. Por ejemplo, la contrase\u00f1a AAAAAAAA es almacenada en la base de datos como MMMMMMMM"}], "id": "CVE-2020-10554", "lastModified": "2021-07-21T11:39:23.747", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-02-05T20:15:12.870", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://www.x41-dsec.de/lab/advisories/x41-2020-002-psyprax"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-326"}, {"lang": "en", "value": "CWE-522"}], "source": "nvd@nist.gov", "type": "Primary"}]}