CVE-2019-3908

Summary

Premisys Identicard version 3.1.190 stores backup files as encrypted zip files. The password to the zip is hard-coded and unchangeable. An attacker with access to these backups can decrypt them and obtain sensitive data.

Affected Software

VendorProductVersion RangeStatus
n/aPremisys Identicard 3.1.190Premisys Identicard 3.1.190affected

Weaknesses

  • CWE-259: CWE-259 Hard-coded Password

ADP Enrichment

CVE Program Container

Additional References

References