Vulnerabilities > CVE-2023-50444 - Improper Restriction of Excessive Authentication Attempts vulnerability in Primx Zed!, Zedmail and Zonecentral

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

network

low complexity

primx

CWE-307

NVD

Published: 2023-12-13

Updated: 2023-12-20

Summary

By default, .ZED containers produced by PRIMX ZED! for Windows before Q.2020.3 (ANSSI qualification submission); ZED! for Windows before Q.2021.2 (ANSSI qualification submission); ZONECENTRAL for Windows before Q.2021.2 (ANSSI qualification submission); ZONECENTRAL for Windows before 2023.5; ZEDMAIL for Windows before 2023.5; and ZED! for Windows, Mac, Linux before 2023.5 include an encrypted version of sensitive user information, which could allow an unauthenticated attacker to obtain it via brute force.

Vulnerable Configurations

Part	Description	Count
Application	Primx Primx Zonecentral * Primx Zonecentral 6.1.2240 Primx Zedmail 6.1.2240 Primx Zed! 2023.5 Primx Zed! Q.2020.1 Primx Zed! Q.2020.2 Primx Zed! * Primx Zed! Q.2021.1	8

Common Weakness Enumeration (CWE)

CWE-307 - Improper Restriction of Excessive Authentication Attempts

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References