Insecure Encryption of Security Questions Exposes Optibot Reset Station to Attack
CVE-2024-23579

6.5MEDIUM

Key Information:

Vendor: Hcl Software
Status: Dryice Optibot Reset Station
Vendor: CVE Published:; 28 May 2024

Summary

HCL DRYiCE Optibot Reset Station is impacted by insecure encryption of security questions. This could allow an attacker with access to the database to recover some or all encrypted values.

Affected Version(s)

DRYiCE Optibot Reset Station 1.0, 2.0

References

https://support.hcltechsw.com/csm?id=kb_article&sysparm_a...

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 28, 2024
Vulnerability Reserved
Jan 18, 2024