An issue was discovered in the IGEL Universal Management Suite (UMS) 6.07.100. A hardcoded DES key in the PrefDBCredentials class allows an attacker, who has discovered encrypted superuser credentials, to decrypt those credentials using a static 8-byte DES key.
References
Link | Resource |
---|---|
https://github.com/atredispartners/advisories/blob/master/ATREDIS-2022-0002.md | Exploit Third Party Advisory |
https://www.igel.com/igel-solution-family/universal-management-suite/ | Product Vendor Advisory |
Configurations
History
17 Jun 2022, 16:03
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://www.igel.com/igel-solution-family/universal-management-suite/ - Product, Vendor Advisory | |
References | (MISC) https://github.com/atredispartners/advisories/blob/master/ATREDIS-2022-0002.md - Exploit, Third Party Advisory | |
CWE | CWE-798 | |
CPE | cpe:2.3:a:igel:universal_management_suite:6.07.100:*:*:*:*:*:*:* | |
CVSS |
v2 : v3 : |
v2 : 6.5
v3 : 8.8 |
09 Jun 2022, 04:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-06-09 04:15
Updated : 2024-02-04 22:29
NVD link : CVE-2022-25806
Mitre link : CVE-2022-25806
CVE.ORG link : CVE-2022-25806
JSON object : View
Products Affected
igel
- universal_management_suite
CWE
CWE-798
Use of Hard-coded Credentials