CVE-2024-25102
Information Disclosure Vulnerability in CDAC AppSamvid Software
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
This vulnerability exists in AppSamvid software due to the usage of a weaker cryptographic algorithm (hash) SHA1 in user login component. An attacker with local administrative privileges could exploit this to obtain the password of AppSamvid on the targeted system. Successful exploitation of this vulnerability could allow the attacker to take complete control of the application on the targeted system.
Esta vulnerabilidad existe en el software AppSamvid debido al uso de un algoritmo criptográfico (hash) SHA1 más débil en el componente de inicio de sesión del usuario. Un atacante con privilegios administrativos locales podría aprovechar esto para obtener la contraseña de AppSamvid en el sistema objetivo. La explotación exitosa de esta vulnerabilidad podría permitir al atacante tomar el control total de la aplicación en el sistema objetivo.
CVSS Scores
SSVC
- Decision:Track
Timeline
- 2024-02-05 CVE Reserved
- 2024-03-06 CVE Published
- 2024-03-07 EPSS Updated
- 2024-09-23 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-326: Inadequate Encryption Strength
CAPEC
- CAPEC-20: Encryption Brute Forcing
References (1)
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| CDAC Search vendor "CDAC" | AppSamvid Software Search vendor "CDAC" for product "AppSamvid Software" | <= 2.0.1 Search vendor "CDAC" for product "AppSamvid Software" and version " <= 2.0.1" | en |
Affected
| ||||||