CVE-2024-3543

Summary

Use of reversible password encryption algorithm allows attackers to decrypt passwords.  Sensitive information can be easily unencrypted by the attacker, stolen credentials can be used for arbitrary actions to corrupt the system.

Affected Software

VendorProductVersion RangeStatus
Progress Software CorporationLoadMasterLoadMaster 7.2.55.0 (GA) < 7.2.59.4affected
Progress Software CorporationLoadMasterLoadMaster 7.2.49.0 (LTSF) < 7.2.54.10affected
Progress Software CorporationLoadMasterLoadMaster 7.2.48.11 (LTS) < 7.2.48.12affected

Weaknesses

  • CWE-257: CWE-257: Storing Passwords in a Recoverable Format

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References