CVE-2017-1663211.08.2021, 21:15In SapphireIMS 4097_1, the password in the database is stored in Base64 format.EnginsightProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVectorNISTNIST7.5 HIGHNETWORKLOWNONECVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NmitreCNA------CVEADP------Base ScoreCVSS 3.xEPSS ScorePercentile: 35%Common Weakness EnumerationCWE-326 - Inadequate Encryption StrengthThe software stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required.Referenceshttps://vuln.shellcoder.party/2020/07/18/cve-2017-16632-sapphireims-insecure-storage-of-password/https://vuln.shellcoder.party/tags/sapphireims/https://vuln.shellcoder.party/2020/07/18/cve-2017-16632-sapphireims-insecure-storage-of-password/https://vuln.shellcoder.party/tags/sapphireims/