7.5
CVE-2024-3543
- EPSS 0.13%
- Veröffentlicht 02.05.2024 14:15:10
- Zuletzt bearbeitet 10.02.2025 15:16:45
- Quelle security@progress.com
- Teams Watchlist Login
- Unerledigt Login
Use of reversible password encryption algorithm allows attackers to decrypt passwords. Sensitive information can be easily unencrypted by the attacker, stolen credentials can be used for arbitrary actions to corrupt the system.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Progress ≫ Loadmaster SwEditionltsf Version >= 7.2.49.0 < 7.2.54.10
Progress ≫ Loadmaster SwEditionga Version >= 7.2.55.0 < 7.2.59.4
Progress ≫ Loadmaster Version7.2.48.11 SwEditionlts
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.13% | 0.335 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
| security@progress.com | 6.4 | 0.5 | 5.9 |
CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
|
CWE-257 Storing Passwords in a Recoverable Format
The storage of passwords in a recoverable format makes them subject to password reuse attacks by malicious users. In fact, it should be noted that recoverable encrypted passwords provide no significant benefit over plaintext passwords since they are subject not only to reuse by malicious attackers but also by malicious insiders. If a system administrator can recover a password directly, or use a brute force search on the available information, the administrator can use the password on other accounts.
CWE-522 Insufficiently Protected Credentials
The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.