A Cryptographic Issue vulnerability has been found on IBERMATICA RPS, affecting version 2019. By firstly downloading the log file, an attacker could retrieve the SQL query sent to the application in plaint text. This log file contains the password hashes coded with AES-CBC-128 bits algorithm, which can be decrypted with a .NET function, obtaining the username's password in plain text.
References
Link | Resource |
---|---|
https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-ibermatica-rps-2019 | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: INCIBE
Published: 2023-10-03T13:26:03.410Z
Updated: 2023-10-03T13:26:03.410Z
Reserved: 2023-06-21T11:12:47.284Z
Link: CVE-2023-3350
JSON object: View
NVD Information
Status : Analyzed
Published: 2023-10-03T14:15:10.927
Modified: 2023-10-05T00:58:54.997
Link: CVE-2023-3350
JSON object: View
Redhat Information
No data.
CWE