Use of a Broken or Risky Cryptographic Algorithm

CVE-2023-0452

Medium

5.3/10

Summary

All versions of Econolite EOS traffic control software are vulnerable to CWE-328: Use of Weak Hash, and use a weak hash algorithm for encrypting privileged user credentials. A configuration file that is accessible without authentication uses MD5 hashes for encrypting credentials, including those of administrators and technicians.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: NONE
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: LOW
Availability Impact: NONE

CWE-327 - Use of a Broken or Risky Cryptographic Algorithm

The use of a broken or risky cryptographic algorithm is an unnecessary risk that may result in the exposure of sensitive information.

References

Advisory Timeline

Published Jan 26, 2023

Use of a Broken or Risky Cryptographic Algorithm

CVE-2023-0452

Summary

CWE-327 - Use of a Broken or Risky Cryptographic Algorithm

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS