Encryption Flaw in Microsoft Dynamics GP Exposes Sensitive Information
CVE-2010-2011

Currently unrated

Key Information:

Vendor: Microsoft
Status: Dynamics Gp
Vendor: CVE Published:; 21 May 2010

Summary

An encryption flaw in Microsoft Dynamics GP utilizes a substitution cipher to secure the system password field along with other unspecified fields. This vulnerability can be exploited by remote authenticated users, enabling them to decrypt these fields and potentially access sensitive information lying within. Such weaknesses in data encryption strategies raise significant security concerns for users of the product, emphasizing the necessity for timely updates and stronger encryption practices.

References

http://blogs.msdn.com/developingfordynamicsgp/archive/200...

x_refsource_MISC

http://www.christopherkois.com/?p=448

x_refsource_MISC

http://slashdot.org/story/10/05/21/1437227

x_refsource_MISC

EPSS Score

25% chance of being exploited in the next 30 days.

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
May 21, 2010