Plaintext Password Retrieval Vulnerability in IBERMATICA RPS 2019

Plaintext Password Retrieval Vulnerability in IBERMATICA RPS 2019

CVE-2023-3350 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

A Cryptographic Issue vulnerability has been found on IBERMATICA RPS, affecting version 2019. By firstly downloading the log file, an attacker could retrieve the SQL query sent to the application in plaint text. This log file contains the password hashes coded with AES-CBC-128 bits algorithm, which can be decrypted with a .NET function, obtaining the username's password in plain text.

Learn more about our Cis Benchmark Audit For Microsoft Sql Server.