#VU22639 Reversible One-Way Hash

Published: 2019-11-11

Vulnerability identifier: #VU22639

Vulnerability risk: Low


CVE-ID: CVE-2019-13539


Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Valleylab FX8 Energy Platform
Hardware solutions / Other hardware appliances
Valleylab FT10 Energy Platform
Hardware solutions / Other hardware appliances
Valleylab Exchange Client
Client/Desktop applications / Other client software

Vendor: Medtronic


The vulnerability allows a local user to bypass authentication on the target system.

The vulnerability exists due to the the affected products use the decrypt algorithm for OS password hashing. While interactive, network-based logins are disable and local user can use other vulnerabilities to obtain local shell access and access these hashes.

Install updates from vendor's website.

Vulnerable software versions

Valleylab FX8 Energy Platform: 1.1.0

Valleylab Exchange Client: 3.4

Valleylab FT10 Energy Platform: 4.0.0


External links

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

Latest bulletins with this vulnerability