Use of a One-Way Hash without a Salt in APM Classic - CVE-2020-16244

 

Use of a One-Way Hash without a Salt in APM Classic - CVE-2020-16244

Published: September 23, 2020


Vulnerability identifier: #VU46986
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2020-16244
CWE-ID: CWE-759
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: GE Digital
Affected software:
APM Classic

Detailed vulnerability description

The vulnerability allows a remote user to gain access to sensitive information on the system.

The vulnerability exists due to salt is not used for hash calculation of passwords, making it possible to decrypt passwords. A remote administrator can retrieve all user account data and then retrieve the actual passwords. 


How to mitigate CVE-2020-16244

Install updates from vendor's website.

Sources