Main Vulnerability Database Vulnerabilities #VU46986

Use of a One-Way Hash without a Salt in APM Classic - CVE-2020-16244

Published: September 23, 2020

Vulnerability identifier: #VU46986

CSH Severity: Low

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2020-16244

CWE-ID: CWE-759

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
APM Classic

Software vendor:
GE Digital

Description

The vulnerability allows a remote user to gain access to sensitive information on the system.

The vulnerability exists due to salt is not used for hash calculation of passwords, making it possible to decrypt passwords. A remote administrator can retrieve all user account data and then retrieve the actual passwords.

Remediation

Install updates from vendor's website.

External links

https://ics-cert.us-cert.gov/advisories/icsa-20-266-01

Use of a One-Way Hash without a Salt in APM Classic - CVE-2020-16244

Description

Remediation

External links

Please verify you're human