CVE-2019-5723 — CRITICAL (9.8)

Vulnerability Description

An issue was discovered in portier vision 4.4.4.2 and 4.4.4.6. Passwords are stored using reversible encryption rather than as a hash value, and the used Vigenere algorithm is badly outdated. Moreover, the encryption key is static and too short. Due to this, the passwords stored by the application can be easily decrypted.

CVSS Score

9.8

CRITICAL

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Portier	Portier	4.4.4.2

Related Weaknesses (CWE)

CWE-522 CWE-327

References

http://packetstormsecurity.com/files/151118/PORTIER-4.4.4.2-4.4.4.6-CryptographiExploitThird Party AdvisoryVDB Entry
https://seclists.org/bugtraq/2019/Jan/8ExploitMailing ListThird Party Advisory
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2018-011.tExploitThird Party Advisory
http://packetstormsecurity.com/files/151118/PORTIER-4.4.4.2-4.4.4.6-CryptographiExploitThird Party AdvisoryVDB Entry
https://seclists.org/bugtraq/2019/Jan/8ExploitMailing ListThird Party Advisory
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2018-011.tExploitThird Party Advisory

FAQ

What is CVE-2019-5723?

CVE-2019-5723 is a vulnerability with a CVSS score of 9.8 (CRITICAL). An issue was discovered in portier vision 4.4.4.2 and 4.4.4.6. Passwords are stored using reversible encryption rather than as a hash value, and the used Vigenere algorithm is badly outdated. Moreover...

How severe is CVE-2019-5723?

CVE-2019-5723 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2019-5723?

Check the references section above for vendor advisories and patch information. Affected products include: Portier Portier.