CVE-2020-10554
HIGHPsyprax < 3.2.2 - Insufficiently Protected Credentials via Obfuscated Password Storage
Title source: llmDescription
An issue was discovered in Psyprax beforee 3.2.2. Passwords used to encrypt the data are stored in the database in an obfuscated format, which can be easily reverted. For example, the password AAAAAAAA is stored in the database as MMMMMMMM.
References (1)
Core 1
Core References
Third Party Advisory x_refsource_misc
https://www.x41-dsec.de/lab/advisories/x41-2020-002-psyprax
Scores
CVSS v3
7.5
EPSS
0.0077
EPSS Percentile
50.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-522
CWE-326
Status
published
Products (1)
psyprax/psyprax
< 3.2.2
Published
Feb 05, 2021
Tracked Since
Feb 18, 2026