CVE-2024-7407

Summary

Use of a custom password encoding algorithm in Streamsoft Prestiż software allows straightforward decoding of passwords using their encoded forms, which are stored in the application's database. One has to know the encoding algorithm, but it can be deduced by observing how password are transformed.  This issue was fixed in 18.2.377 version of the software.

Affected Software

VendorProductVersion RangeStatus
StreamsoftStreamsoft Prestiż0 < 18.2.377affected

Weaknesses

  • CWE-261: CWE-261 Weak Encoding for Password

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References