CVE-2021-35965
19.07.2021, 12:15
The Orca HCM digital learning platform uses a weak factory default administrator password that is hard-coded in plain text in the source code of the webpage, so remote attackers can obtain administrator privileges without logging in.
Vendor | Product | Version |
---|---|---|
learningdigital | orca_hcm | 𝑥 ≤ 10.0 |
𝑥 = Vulnerable software versions
Common Weakness Enumeration
- CWE-522 - Insufficiently Protected Credentials: The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.
- CWE-1188 - Insecure Default Initialization of Resource: The software initializes or sets a resource with a default that is intended to be changed by the administrator, but the default is not secure.