CVE-2021-3833
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Integria IMS login check uses a loose comparator ("==") to compare the MD5 hash of the password provided by the user and the MD5 hash stored in the database. An attacker with a specific formatted password could exploit this vulnerability in order to login in the system with different passwords.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Ártica | Integria IMS | 5.0.92 | affected |
Weaknesses
- CWE-697: CWE-697 Incorrect Comparison
ADP Enrichment
CVE Program Container
Additional References
- https://integriaims.com/en/services/updates/
- https://www.incibe.es/en/incibe-cert/notices/aviso/integria-ims-incorrect-authorization
References
- https://integriaims.com/en/services/updates/
- https://www.incibe.es/en/incibe-cert/notices/aviso/integria-ims-incorrect-authorization
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.