Weak Password Storage Vulnerability in Versa Director and Analytics by Versa Networks
CVE-2019-25030
5.5 MEDIUM
What is CVE-2019-25030?
Stored passwords in Versa Director, Analytics, and VOS are inadequately protected because they are hashed with outdated methods. These systems do not apply an adaptive cryptographic hash function or a key derivation function before storing a password. This creates a significant risk, as attackers can use precomputed hash values, known as rainbow tables, to quickly crack the weakly hashed passwords. Adaptive hashing algorithms such as scrypt or bcrypt, or key derivation functions such as PBKDF2, drastically improve password security by making the generation of rainbow tables computationally infeasible.
Affected Version(s)
Versa Director, Versa Analytics, Versa VOS
Fixed Versions: 16.1R2S11, 20.2.2, 21.1.1, 21.2.1
