CVE-2020-10375
MEDIUMNew Media Smarty < 9.10 - Inadequate Encryption Strength in Password Storage
Title source: llmDescription
An issue was discovered in New Media Smarty before 9.10. Passwords are stored in the database in an obfuscated format that can be easily reversed. The file data.mdb contains these obfuscated passwords in the second column. NOTE: this is unrelated to the popular Smarty template engine product.
References (2)
Core 2
Core References
Exploit, Third Party Advisory x_refsource_misc
https://www.x41-dsec.de/lab/advisories/x41-2020-005-smarty/
Product x_refsource_misc
https://www.smarty-online.de
Scores
CVSS v3
5.5
EPSS
0.0031
EPSS Percentile
22.1%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-326
Status
published
Products (1)
newmediacompany/smarty
< 9.10
Published
Feb 05, 2021
Tracked Since
Feb 18, 2026