CVE-2020-10554

HIGH

Psyprax <3.2.2 - Info Disclosure

Title source: llm

Description

An issue was discovered in Psyprax beforee 3.2.2. Passwords used to encrypt the data are stored in the database in an obfuscated format, which can be easily reverted. For example, the password AAAAAAAA is stored in the database as MMMMMMMM.

References (1)

[Third Party Advisory] https://www.x41-dsec.de/lab/advisories/x41-2020-002-psyprax

Scores

CVSS v3 7.5

EPSS 0.0013

EPSS Percentile 32.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Classification

CWE

CWE-522 CWE-326

Status published

Affected Products (1)

psyprax/psyprax < 3.2.2

Timeline

Published Feb 05, 2021

Tracked Since Feb 18, 2026