Vulnerabilities > CVE-2013-10004 - Improper Restriction of Excessive Authentication Attempts vulnerability in Telecomsoftware Samwin Agent and Samwin Contact Center

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

network

low complexity

telecomsoftware

CWE-307

NVD

Published: 2022-05-24

Updated: 2022-06-08

Summary

A vulnerability classified as critical was found in Telecommunication Software SAMwin Contact Center Suite 5.1. This vulnerability affects the function passwordScramble in the library SAMwinLIBVB.dll of the component Password Handler. Incorrect implementation of a hashing function leads to predictable authentication possibilities. Upgrading to version 6.2 is able to address this issue. It is recommended to upgrade the affected component.

Vulnerable Configurations

Part	Description	Count
Application	Telecomsoftware Telecomsoftware Samwin Contact Center 5.1 Telecomsoftware Samwin Agent 5.01.19.06	2

Common Weakness Enumeration (CWE)

CWE-307 - Improper Restriction of Excessive Authentication Attempts

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References