Plaintext Storage of User Credentials in QMS Automotive (All versions < V12.39)

Plaintext Storage of User Credentials in QMS Automotive (All versions < V12.39)

CVE-2022-43958 · HIGH Severity

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L

A vulnerability has been identified in QMS Automotive (All versions < V12.39), QMS Automotive (All versions < V12.39). User credentials are stored in plaintext in the database without any hashing mechanism. This could allow an attacker to gain access to credentials and impersonate other users.

Learn more about our Automotive Penetration Testing.