Remote Code Execution via Password Hashing Function Manipulation

Remote Code Execution via Password Hashing Function Manipulation

CVE-2019-15087 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

An issue was discovered in PRiSE adAS 1.7.0. An authenticated user can change the function used to hash passwords to any function, leading to remote code execution.

Learn more about our User Device Pen Test.