CVE-2018-5552 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	2.9 LOW	LOCAL	HIGH	NONE	CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
rapid7	CNA	2.9 LOW	LOCAL	HIGH	NONE	CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 5%

Vendor	Product	Version
docutracinc	dtisqlinstaller	𝑥 ≤ 1.6.4.0

𝑥

= Vulnerable software versions

Known Exploits!

Common Weakness Enumeration

CWE-760 - Use of a One-Way Hash with a Predictable Salt
The software uses a one-way cryptographic hash against an input that should not be reversible, such as a password, but the software uses a predictable salt as part of the input.
CWE-798 - Use of Hard-coded Credentials
The software contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.

References

https://blog.rapid7.com/2018/03/14/r7-2018-01-cve-2018-5551-cve-2018-5552-docutrac-office-therapy-installer-hard-coded-credentials-and-cryptographic-salt/

https://blog.rapid7.com/2018/03/14/r7-2018-01-cve-2018-5551-cve-2018-5552-docutrac-office-therapy-installer-hard-coded-credentials-and-cryptographic-salt/