CVE-2019-3908

Premisys Identicard version 3.1.190 stores backup files as encrypted zip files. The password to the zip is hard-coded and unchangeable. An attacker with access to these backups can decrypt them and obtain sensitive data.

Published : 2019-01-18 18:29 Updated : 2019-10-09 23:49

5.0
CVSS Score More info
Score 5.0 / 10
5.0
Vendor Product Version URI
Identicard Premisys Id 3.1.190 cpe:/a:identicard:premisys_id:3.1.190
  1. Identicard (1) Search CVE
    1. Premisys Id (1) Search CVE
      1. 3.1.190

CWE

ID Name Description Links
CWE-798 Use of Hard-coded Credentials The software contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. CVE

History of changes

Date Event
2019-01-24 20:56
2019-01-19 11:29
2019-01-18 18:29

New CVE