Vulnerabilities > Identicard

DATE CVE VULNERABILITY TITLE RISK
2019-01-18 CVE-2019-3909 Insecure Default Initialization of Resource vulnerability in Identicard Premisys ID 3.1.190
Premisys Identicard version 3.1.190 database uses default credentials.
network
low complexity
identicard CWE-1188
critical
 9.8
9.8
2019-01-18 CVE-2019-3908 Use of Hard-coded Credentials vulnerability in Identicard Premisys ID 3.1.190
Premisys Identicard version 3.1.190 stores backup files as encrypted zip files.
network
low complexity
identicard CWE-798
7.5
7.5
2019-01-18 CVE-2019-3907 Use of Password Hash With Insufficient Computational Effort vulnerability in Identicard Premisys ID 3.1.190
Premisys Identicard version 3.1.190 stores user credentials and other sensitive information with a known weak encryption method (MD5 hash of a salt and password).
network
low complexity
identicard CWE-916
7.5
7.5
2019-01-18 CVE-2019-3906 Use of Hard-coded Credentials vulnerability in Identicard Premisys ID 3.1.190
Premisys Identicard version 3.1.190 contains hardcoded credentials in the WCF service on port 9003.
network
low complexity
identicard CWE-798
8.8
8.8
2017-10-09 CVE-2017-14973 Cross-site Scripting vulnerability in Identicard Two-Reader Controller Configuration Manager 1.18.8(396)
IDenticard Two-Reader Controller Configuration Manager 1.18.8 (396) is vulnerable to Stored Cross-Site Scripting (XSS) via the notes field in /~user_handler?file=logged_in.shtm (aka the edit user page).
network
low complexity
identicard CWE-79
5.4
5.4