Attackers Can Easily Decrypt and Use Stolen Passwords to Corrupt the System

CVE-2024-3543

6.4MEDIUM

Key Information

Vendor: Progress Software Corporation
Status: Loadmaster
Vendor: CVE Published:; 2 May 2024

Summary

Use of reversible password encryption algorithm allows attackers to decrypt passwords. Sensitive information can be easily unencrypted by the attacker, stolen credentials can be used for arbitrary actions to corrupt the system.

Affected Version(s)

LoadMaster <= LoadMaster 7.2.55.0 (GA)

LoadMaster < 7.2.59.4

LoadMaster < 7.2.54.10

CVSS V3.1

Score:

6.4

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

High

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published.
May 2, 2024
Vulnerability Reserved.
Apr 9, 2024

Collectors

NVD DatabaseMitre Database

Credit

Agenzia per la Cybersicurezza Nazionale (ACN)