CVE-2019-5723

An issue was discovered in portier vision 4.4.4.2 and 4.4.4.6. Passwords are stored using reversible encryption rather than as a hash value, and the used Vigenere algorithm is badly outdated. Moreover, the encryption key is static and too short. Due to this, the passwords stored by the application can be easily decrypted.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 36%
VendorProductVersion
portierportier
4.4.4.2
portierportier
4.4.4.6
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://packetstormsecurity.com/files/151118/PORTIER-4.4.4.2-4.4.4.6-Cryptographic-Issues.html
https://seclists.org/bugtraq/2019/Jan/8
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2018-011.txt
http://packetstormsecurity.com/files/151118/PORTIER-4.4.4.2-4.4.4.6-Cryptographic-Issues.html
https://seclists.org/bugtraq/2019/Jan/8
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2018-011.txt