CVE-2021-38459
8.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
The data of a network capture of the initial handshake phase can be used to authenticate at a SYSDBA level. If a specific .exe is not restarted often, it is possible to access the needed handshake packets between admin/client connections. Using the SYSDBA permission, an attacker can change user passwords or delete the database.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| AUVESY | Versiondog | All <= 8.0 | affected |
Weaknesses
- CWE-294: CWE-294 Authentication Bypass by Capture-replay
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.