CVE-2019-5723
CRITICALportier 4.4.4.2 and 4.4.4.6 - Insufficiently Protected Credentials via Reversible Encryption
Title source: llmDescription
An issue was discovered in portier vision 4.4.4.2 and 4.4.4.6. Passwords are stored using reversible encryption rather than as a hash value, and the used Vigenere algorithm is badly outdated. Moreover, the encryption key is static and too short. Due to this, the passwords stored by the application can be easily decrypted.
References (3)
Core 3
Core References
Exploit, Third Party Advisory, VDB Entry x_refsource_misc
http://packetstormsecurity.com/files/151118/PORTIER-4.4.4.2-4.4.4.6-Cryptographic-Issues.html
Exploit, Mailing List, Third Party Advisory mailing-list
x_refsource_bugtraq
https://seclists.org/bugtraq/2019/Jan/8
Exploit, Third Party Advisory x_refsource_misc
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2018-011.txt
Scores
CVSS v3
9.8
EPSS
0.0108
EPSS Percentile
60.8%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-327
CWE-522
Status
published
Products (2)
portier/portier
4.4.4.2
portier/portier
4.4.4.6
Published
Mar 21, 2019
Tracked Since
Feb 18, 2026