Weak Encryption of User Credentials in Pathways Homecare 6.5 Allows Privilege Escalation

Weak Encryption of User Credentials in Pathways Homecare 6.5 Allows Privilege Escalation

CVE-2001-1546 · HIGH Severity

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Pathways Homecare 6.5 uses weak encryption for user names and passwords, which allows local users to gain privileges by recovering the passwords from the pwhc.ini file.

Learn more about our User Device Pen Test.