Attackers Can Easily Decrypt and Use Stolen Passwords to Corrupt the System

CVE-2024-3543
6.4MEDIUM

Key Information

Vendor
Progress Software Corporation
Status
Loadmaster
Vendor
CVE Published:
2 May 2024

Summary

Use of reversible password encryption algorithm allows attackers to decrypt passwords.  Sensitive information can be easily unencrypted by the attacker, stolen credentials can be used for arbitrary actions to corrupt the system.

Affected Version(s)

LoadMaster <= LoadMaster 7.2.55.0 (GA)

LoadMaster < 7.2.59.4

LoadMaster < 7.2.54.10

CVSS V3.1

Score:
6.4
Severity:
MEDIUM
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Adjacent Network
Attack Complexity:
High
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published.

  • Vulnerability Reserved.

Collectors

NVD DatabaseMitre Database

Credit

Agenzia per la Cybersicurezza Nazionale (ACN)
.