CVE-2019-10855

Computrols CBAS 18.0.0 mishandles password hashes. The approach is MD5 with a pw prefix, e.g., if the password is admin, it will calculate the MD5 hash of pwadmin and store it in a MySQL database.
References
Configurations

Configuration 1

cpe:2.3:a:computrols:computrols_building_automation_software:*:*:*:*:*:*:*:*

Information

Published : 2019-05-23 07:29

Updated : 2020-08-24 05:37


NVD link : CVE-2019-10855

Mitre link : CVE-2019-10855

Products Affected
No products.
CWE
CWE-326

Inadequate Encryption Strength