Storing passwords in a recoverable format in FUJIFILM Driver Distributor
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2022-43460 |
| CWE-ID | CWE-257 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software Subscribe |
Driver Distributor Other software / Other software solutions |
| Vendor | FUJIFILM Business Innovation |
Security Bulletin
This security bulletin contains one low risk vulnerability.
1) Storing passwords in a recoverable format
EUVDB-ID: #VU71671
Risk: Low
CVSSv3.1: 5.4 [CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-43460
CWE-ID:
CWE-257 - Storing Passwords in a Recoverable Format
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to decrypt passwords.
The vulnerability exists due to the passwords are stored in a recoverable format. A local attacker can retrieve the administrator's credentials
MitigationInstall updates from vendor's website.
Vulnerable software versionsDriver Distributor: 2.2.3.1
External linkshttp://jvn.jp/en/jp/JVN22830348/index.html
http://www.fujifilm.com/fbglobal/eng/company/news/notice/2023/0131_announce.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
