Premisys Identicard version 3.1.190 stores backup files as encrypted zip files. The password to the zip is hard-coded and unchangeable. An attacker with access to these backups can decrypt them and obtain sensitive data.
References
Link | Resource |
---|---|
https://www.tenable.com/security/research/tra-2019-01 | Third Party Advisory |
http://www.securityfocus.com/bid/106552 | Third Party Advisory VDB Entry |
Configurations
Information
Published : 2019-01-18 10:29
Updated : 2022-12-03 06:46
NVD link : CVE-2019-3908
Mitre link : CVE-2019-3908
JSON object : View
CWE
CWE-798
Use of Hard-coded Credentials
Products Affected
identicard
- premisys_id