Attackers Can Easily Decrypt and Use Stolen Passwords to Corrupt the System
CVE-2024-3543

6.4MEDIUM

Key Information:

Vendor: Progress Software
Status: Loadmaster
Vendor: CVE Published:; 2 May 2024

Summary

Use of reversible password encryption algorithm allows attackers to decrypt passwords. Sensitive information can be easily unencrypted by the attacker, stolen credentials can be used for arbitrary actions to corrupt the system.

Affected Version(s)

LoadMaster LoadMaster 7.2.55.0 (GA)

LoadMaster LoadMaster 7.2.55.0 (GA) < 7.2.59.4

LoadMaster LoadMaster 7.2.49.0 (LTSF) < 7.2.54.10

References

https://kemptechnologies.com/

product

https://support.kemptechnologies.com/hc/en-us/articles/25...

vendor-advisory

CVSS V3.1

Score:

6.4

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

High

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 2, 2024
Vulnerability Reserved
Apr 9, 2024

Collectors

NVD DatabaseMitre Database

Credit

Agenzia per la Cybersicurezza Nazionale (ACN)