Inadequate Encryption Strength

CVE-2020-10601

High

7.8/10

Summary

VISAM VBASE Editor version 11.5.0.2 and VBASE Web-Remote Module allow weak hashing algorithm and insecure permissions which may allow a local attacker to bypass the password-protected mechanism through brute-force attacks, cracking techniques, or overwriting the password hash.

Attack Complexity: LOW
Attack Vector: LOCAL
Integrity Impact: HIGH
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: LOW
Confidentiality Impact: HIGH
Availability Impact: HIGH

CWE-326 - Inadequate Encryption Strength

The software stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required.

References

Advisory Timeline

Published Apr 03, 2020

Inadequate Encryption Strength

CVE-2020-10601

Summary

CWE-326 - Inadequate Encryption Strength

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS