Sage 300 through 2022 uses a hard-coded 40-byte blowfish key to encrypt and decrypt user passwords and SQL connection strings stored in ISAM database files in the shared data directory. This issue could allow attackers to decrypt user passwords and SQL connection strings.
References
Link | Resource |
---|---|
https://www.sage.com/en-ca/products/sage-300/ | Product |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2023-04-28T00:00:00
Updated: 2023-04-28T00:00:00
Reserved: 2022-09-26T00:00:00
Link: CVE-2022-41400
JSON object: View
NVD Information
Status : Analyzed
Published: 2023-04-28T13:15:13.560
Modified: 2023-05-05T18:03:05.717
Link: CVE-2022-41400
JSON object: View
Redhat Information
No data.
CWE