CVE-2022-25577 - Vulnerability Details - OpenCVE

ALF-BanCO v8.2.5 and below was discovered to use a hardcoded password to encrypt the SQLite database containing the user's data. Attackers who are able to gain remote or local access to the system are able to read and modify the data.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact None

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Alf-banco	Alf-banco

Configuration 1 [-]

cpe:2.3:a:alf-banco:alf-banco:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://github.com/ph0nkybit/proof-of-concepts/tree/main/Use_Of_Hardcoded_Password_In_ALF-BanCO_8.2.x

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2022-03-25T16:17:30

Updated: 2024-08-03T04:42:50.039Z

Reserved: 2022-02-21T00:00:00

Link: CVE-2022-25577

Vulnrichment

No data.

NVD

Status : Modified

Published: 2022-03-25T17:15:08.720

Modified: 2024-11-21T06:52:23.110

Link: CVE-2022-25577

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "ALF-BanCO v8.2.5 and below was discovered to use a hardcoded password to encrypt the SQLite database containing the user's data. Attackers who are able to gain remote or local access to the system are able to read and modify the data."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-03-25T16:17:30", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://github.com/ph0nkybit/proof-of-concepts/tree/main/Use_Of_Hardcoded_Password_In_ALF-BanCO_8.2.x"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2022-25577", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "ALF-BanCO v8.2.5 and below was discovered to use a hardcoded password to encrypt the SQLite database containing the user's data. Attackers who are able to gain remote or local access to the system are able to read and modify the data."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://github.com/ph0nkybit/proof-of-concepts/tree/main/Use_Of_Hardcoded_Password_In_ALF-BanCO_8.2.x", "refsource": "MISC", "url": "https://github.com/ph0nkybit/proof-of-concepts/tree/main/Use_Of_Hardcoded_Password_In_ALF-BanCO_8.2.x"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T04:42:50.039Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/ph0nkybit/proof-of-concepts/tree/main/Use_Of_Hardcoded_Password_In_ALF-BanCO_8.2.x"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2022-25577", "datePublished": "2022-03-25T16:17:30", "dateReserved": "2022-02-21T00:00:00", "dateUpdated": "2024-08-03T04:42:50.039Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:alf-banco:alf-banco:*:*:*:*:*:*:*:*", "matchCriteriaId": "FF4177EB-9609-4DC3-B02C-87E290B24DAA", "versionEndIncluding": "8.2.5", "versionStartIncluding": "8.2.3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "ALF-BanCO v8.2.5 and below was discovered to use a hardcoded password to encrypt the SQLite database containing the user's data. Attackers who are able to gain remote or local access to the system are able to read and modify the data."}, {"lang": "es", "value": "Se ha detectado que ALF-BanCO versiones v8.2.5 y anteriores, usa una contrase\u00f1a embebida para cifrar la base de datos SQLite que contiene los datos del usuario. Los atacantes que pueden conseguir acceso remoto o local al sistema pueden leer y modificar los datos"}], "id": "CVE-2022-25577", "lastModified": "2024-11-21T06:52:23.110", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 6.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-03-25T17:15:08.720", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/ph0nkybit/proof-of-concepts/tree/main/Use_Of_Hardcoded_Password_In_ALF-BanCO_8.2.x"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/ph0nkybit/proof-of-concepts/tree/main/Use_Of_Hardcoded_Password_In_ALF-BanCO_8.2.x"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-798"}], "source": "nvd@nist.gov", "type": "Primary"}]}