Brute Force Attacks Can Bypass Weak Password Policy in YMS VIS Pro
Unauthorized Access and Operation Execution via Improper Credentials Generation

CVE-2024-3263
9.8 CRITICAL

Key Information

Vendor
YMS
Product
VIS Pro
CVE Published:
14 May 2024

Summary

YMS VIS Pro is an information system for veterinary and food administration, veterinarians and farms. Because of a combination of an improper method for generating system credentials and a weak password policy, passwords can be easily guessed and enumerated through brute-force attacks. A successful attack gives the attacker unauthorised access and the ability to execute operations with the permissions assigned to the compromised user. This vulnerability affects VIS Pro versions <= 3.3.0.6. It has been mitigated by changes to the authentication mechanisms, the introduction of an additional authentication layer and a strong password policy.
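The weakness class and the class of fix described above, as an added illustration that is not VIS Pro's code and does not reflect how VIS Pro actually generated credentials or what its password policy was: the fixed-prefix-plus-digits pattern, the prefix `vis`, the secret `vis742`, the lockout threshold and every function name are assumptions made for this example. It contrasts a hypothetical low-entropy credential generator, whose whole keyspace an unthrottled client can enumerate in at most 1000 online guesses, with a CSPRNG-generated credential, a minimum-strength policy check and a verifier that locks the account after repeated failures.

```python
import hmac
import math
import secrets
import string

# --- Weak side (hypothetical pattern, assumed for illustration only) ----------
# A credential built as a fixed prefix plus three digits has a keyspace of
# 10**3: if nothing throttles the login endpoint, every such credential falls
# within 1000 online guesses no matter how the digits were picked.
WEAK_PREFIX = "vis"  # assumed prefix, not taken from the product


def weak_generate() -> str:
    """Low-entropy credential: prefix + 3 random digits (about 10 bits)."""
    return WEAK_PREFIX + f"{secrets.randbelow(1000):03d}"


def weak_candidates():
    """The attacker's wordlist: the complete keyspace, in a fixed order."""
    for n in range(1000):
        yield WEAK_PREFIX + f"{n:03d}"


def keyspace_bits(alphabet_size: int, length: int) -> float:
    """Entropy in bits of a uniformly random string over the alphabet."""
    return length * math.log2(alphabet_size)


def brute_force(verify, candidates):
    """Online guessing: try each candidate against verify().
    Returns (matching_candidate_or_None, attempts_made)."""
    attempts = 0
    for cand in candidates:
        attempts += 1
        if verify(cand):
            return cand, attempts
    return None, attempts


# --- Hardened side -------------------------------------------------------------
def strong_generate(nbytes: int = 16) -> str:
    """CSPRNG-generated initial credential: 128 bits of entropy from 16 bytes."""
    return secrets.token_urlsafe(nbytes)


def password_policy_ok(pw: str, min_len: int = 12) -> bool:
    """Reject short passwords, the weak pattern family, and passwords that
    use fewer than three character classes."""
    if len(pw) < min_len or pw.lower().startswith(WEAK_PREFIX):
        return False
    classes = sum([
        any(c.islower() for c in pw),
        any(c.isupper() for c in pw),
        any(c.isdigit() for c in pw),
        any(not c.isalnum() for c in pw),
    ])
    return classes >= 3


class ThrottledVerifier:
    """Verifier with a per-account failed-attempt lockout. A real deployment
    stores a salted password hash rather than the plaintext kept here."""

    def __init__(self, secret: str, max_failures: int = 5):
        self._secret = secret
        self.max_failures = max_failures
        self.failures = 0
        self.locked = False

    def verify(self, attempt: str) -> bool:
        if self.locked:
            return False  # every further guess is refused, right or wrong
        if hmac.compare_digest(attempt.encode(), self._secret.encode()):
            self.failures = 0
            return True
        self.failures += 1
        if self.failures >= self.max_failures:
            self.locked = True
        return False


def demo() -> dict:
    """Run the three scenarios and return their outcomes."""
    # 1. Weak credential, unthrottled verifier: always found within 1000 guesses.
    weak_pw = weak_generate()
    found, n = brute_force(lambda c: hmac.compare_digest(c, weak_pw), weak_candidates())
    # 2. Same weak keyspace, but the account locks after 5 failures. The
    #    constructed secret "vis742" lies outside the first five candidates,
    #    so the enumeration gets only five real checks before lockout.
    guarded = ThrottledVerifier("vis742", max_failures=5)
    found_t, _ = brute_force(guarded.verify, weak_candidates())
    # 3. Strong credential: the 1000-entry wordlist cannot hit it.
    strong_pw = strong_generate()
    found_s, _ = brute_force(lambda c: hmac.compare_digest(c, strong_pw), weak_candidates())
    return {
        "weak_bits": keyspace_bits(10, 3),
        "weak_found": found == weak_pw,
        "weak_attempts": n,
        "throttled_found": found_t is not None,
        "throttled_locked": guarded.locked,
        "strong_found": found_s is not None,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The lockout is deliberately the simplest form of the "additional authentication layer" idea; a production verifier would also rate-limit per source address, store salted hashes and log the failures for detection. The point the numbers make is that a 10-bit keyspace is lost to a patient client in minutes, while a 128-bit CSPRNG credential behind a throttled endpoint is out of reach of online guessing regardless of password policy.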

Affected Version(s)

VIS Pro <= 3.3.0.6

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Timeline (most recent first)

  • Vulnerability published
  • Developer and system operator confirmed vulnerability fix
  • CVE ID reserved
  • Vulnerability confirmed by system operator
  • Developer and system operator notified by SK-CERT
  • Vulnerability reported to SK-CERT

Collectors

NVD Database, MITRE Database

Credit

REMEDIATA ([email protected])