Vulnerabilities > CVE-2013-10004 - Improper Restriction of Excessive Authentication Attempts vulnerability in Telecomsoftware Samwin Agent and Samwin Contact Center

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

telecomsoftware

CWE-307

critical

NVD

Published: 2022-05-24

Updated: 2022-06-08

Summary

A vulnerability classified as critical was found in Telecommunication Software SAMwin Contact Center Suite 5.1. This vulnerability affects the function passwordScramble in the library SAMwinLIBVB.dll of the component Password Handler. Incorrect implementation of a hashing function leads to predictable authentication possibilities. Upgrading to version 6.2 is able to address this issue. It is recommended to upgrade the affected component.

Vulnerable Configurations

Part	Description	Count
Application	Telecomsoftware Telecomsoftware Samwin Contact Center 5.1 Telecomsoftware Samwin Agent 5.01.19.06	2

Common Weakness Enumeration (CWE)

CWE-307 - Improper Restriction of Excessive Authentication Attempts

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References