Vulnerabilities > CVE-2019-3907 - Use of Password Hash With Insufficient Computational Effort vulnerability in Identicard Premisys ID 3.1.190

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

network

low complexity

identicard

CWE-916

NVD

Published: 2019-01-18

Updated: 2021-11-02

Summary

Premisys Identicard version 3.1.190 stores user credentials and other sensitive information with a known weak encryption method (MD5 hash of a salt and password).

Vulnerable Configurations

Part	Description	Count
Application	Identicard Identicard Premisys ID 3.1.190	1

Common Weakness Enumeration (CWE)

CWE-916 - Use of Password Hash With Insufficient Computational Effort

References

https://www.tenable.com/security/research/tra-2019-01
http://www.securityfocus.com/bid/106552