Use of Hard-coded Credentials

CVE-2020-11719

High

7.5/10

Summary

An issue was discovered in Programi Bilanc build 007 release 014 31.01.2020 and possibly below. It relies on broken encryption with a weak and guessable static encryption key.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: NONE
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: HIGH
Availability Impact: NONE

CWE-798 - Use of Hard-coded Credentials

The software contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.

References

Advisory Timeline

Published Dec 23, 2020

Use of Hard-coded Credentials

CVE-2020-11719

Summary

CWE-798 - Use of Hard-coded Credentials

References

Advisory Timeline

KICS Auto Scanning VS Code Extension

CuteBoi

KICS SaaS