CVE-2020-10552

HIGH

Psyprax < 3.2.2 - Unauthenticated Database Access via Default Credentials

Title source: llm

Description

An issue was discovered in Psyprax before 3.2.2. The Firebird database is accessible with the default user sysdba and password masterke after installation. This allows any user to access it and read and modify the contents, including passwords. Local database files can be accessed directly as well.

References (1)

Core References
Third Party Advisory x_refsource_misc
https://www.x41-dsec.de/lab/advisories/x41-2020-002-psyprax

Scores

CVSS v3: 8.1
EPSS: 0.0107
EPSS Percentile: 60.4%
Attack Vector: NETWORK
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Details

CWE: CWE-1188
Status: published
Products (1): psyprax/psyprax < 3.2.2
Published: Feb 05, 2021
Tracked Since: Feb 18, 2026