Account Locking Bypass Vulnerability in Basware Banking (Maksuliikenne) 8.90.07.X

Account Locking Bypass Vulnerability in Basware Banking (Maksuliikenne) 8.90.07.X

CVE-2015-6745 · MEDIUM Severity

AV:L/AC:L/AU:N/C:P/I:P/A:P

Basware Banking (Maksuliikenne) 8.90.07.X relies on the client to enforce account locking, which allows local users to bypass that security mechanism by deleting the entry from the locking table. NOTE: this identifier was SPLIT from CVE-2015-0942 per ADT2 and ADT3 due to different vulnerability type and different affected versions. NOTE: this vulnerability exists because of an incorrect fix for CVE-2015-6744.

Learn more about our User Device Pen Test.