Use of Hard-coded Password

CVE-2019-3908

Severity High
Score 7.5/10

Summary

Premisys Identicard version 3.1.190 stores backup files as encrypted zip files. The password to the zip is hard-coded and unchangeable. An attacker with access to these backups can decrypt them and obtain sensitive data.

  • LOW
  • NETWORK
  • NONE
  • UNCHANGED
  • NONE
  • NONE
  • HIGH
  • NONE

CWE-259 - Use of Hard-coded Password

The software contains a hard-coded password, which it uses for its own inbound authentication or for outbound communication to external components.

Advisory Timeline

  • Published