CVE-2021-3833 — CRITICAL (9.8)

Vulnerability Description

Integria IMS login check uses a loose comparator ("==") to compare the MD5 hash of the password provided by the user and the MD5 hash stored in the database. An attacker with a specific formatted password could exploit this vulnerability in order to login in the system with different passwords.

CVSS Score

9.8

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Artica	Integria Ims	5.0.92

Related Weaknesses (CWE)

CWE-697

References

https://integriaims.com/en/services/updates/Release NotesVendor Advisory
https://www.incibe.es/en/incibe-cert/notices/aviso/integria-ims-incorrect-author
https://integriaims.com/en/services/updates/Release NotesVendor Advisory
https://www.incibe.es/en/incibe-cert/notices/aviso/integria-ims-incorrect-author

FAQ

What is CVE-2021-3833?

CVE-2021-3833 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Integria IMS login check uses a loose comparator ("==") to compare the MD5 hash of the password provided by the user and the MD5 hash stored in the database. An attacker with a specific formatted pass...

How severe is CVE-2021-3833?

CVE-2021-3833 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2021-3833?

Check the references section above for vendor advisories and patch information. Affected products include: Artica Integria Ims.