Cleartext Password Storage in MV iDigital Clinic Enterprise by MV
CVE-2022-31405

6.5MEDIUM

Key Information:

Vendor

Mv Idigital Clinic Enterprise Project

Status
Mv Idigital Clinic Enterprise
Vendor
CVE Published:
27 February 2023

What is CVE-2022-31405?

The MV iDigital Clinic Enterprise (iDCE) version 1.0 is affected by a security vulnerability where user passwords are stored in cleartext format. This practice puts sensitive user information at risk, allowing potential attackers to easily access, read, and exploit these passwords to gain unauthorized access to accounts and sensitive data. Organizations using this software are advised to implement immediate remedies to enhance password security and protect their user base.

References

https://github.com/ifmacedo/mconnect/blob/main/IDCE-Clear...
https://www.linkedin.com/pulse/armazenamento-inseguro-idc...
https://mv.com.br/pt/blog/microdata-integra-novo-modulo-c...

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.
CVE-2022-31405 : Cleartext Password Storage in MV iDigital Clinic Enterprise by MV