Use of Password Hash With Insufficient Computational Effort

CVE-2019-3907

Medium

5/10

Summary

Premisys Identicard version 3.1.190 stores user credentials and other sensitive information with a known weak encryption method (MD5 hash of a salt and password).

Access Complexity: LOW
AccessVector: NETWORK
Authentication: NONE
Integrity Impact: NONE
Confidentiality Impact: PARTIAL
Availability Impact: NONE

CWE-916 - Use of Password Hash With Insufficient Computational Effort

The software generates a hash for a password, but it uses a scheme that does not provide a sufficient level of computational effort that would make password cracking attacks infeasible or expensive.

References

Advisory Timeline

Published Jan 18, 2019

Use of Password Hash With Insufficient Computational Effort

CVE-2019-3907

Summary

CWE-916 - Use of Password Hash With Insufficient Computational Effort

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS