CVE-2023-48392
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Kaifa Technology WebITR is an online attendance system, it has a vulnerability in using hard-coded encryption key. An unauthenticated remote attacker can generate valid token parameter and exploit this vulnerability to access system with arbitrary user account, including administrator’s account, to execute login account’s permissions, and obtain relevant information.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Kaifa Technology | WebITR | 2_1_0_19 | affected |
Weaknesses
- CWE-321: CWE-321 Use of Hard-coded Cryptographic Key
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.