Use of a reversible password encryption algorithm allows an attacker to decrypt stored passwords: because the application must hold the decryption key to use the credentials itself, anyone who obtains the stored data and that key can recover the plaintext. The stolen credentials can then be used to authenticate as the affected users and perform arbitrary actions against the system.
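To make the weakness concrete, the following added example (written for this page, not code from Progress Software or the affected product) contrasts a reversible password store, where the decryption key necessarily ships with the application, with a salted, iterated one-way hash that cannot be reversed. The function names, the XOR-with-embedded-key scheme, the iteration count and the sample password are all assumptions chosen for illustration.

```python
import base64
import hashlib
import hmac
import os
from typing import Optional

# Constructed illustration of CWE-257 (added example, not the vendor's code).
# The "vulnerable" store reverses trivially because its key ships with the
# application; the hardened store keeps only a salted PBKDF2 hash.

# --- Vulnerable pattern: reversible "encryption" with an embedded key ----------
EMBEDDED_KEY = b"changeme-app-key"  # hypothetical key baked into the binary/config


def _xor(data: bytes, key: bytes) -> bytes:
    """Repeating-key XOR; symmetric, so the same call encrypts and decrypts."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def store_password_reversible(password: str) -> str:
    """Obfuscates the password with XOR + base64. Recoverable by design (CWE-257)."""
    return base64.b64encode(_xor(password.encode(), EMBEDDED_KEY)).decode()


def recover_password(stored: str) -> str:
    """What an attacker does after extracting the store and the embedded key."""
    return _xor(base64.b64decode(stored), EMBEDDED_KEY).decode()


# --- Hardened pattern: salted, iterated one-way hash --------------------------
PBKDF2_ITERATIONS = 600_000  # assumption: matches current OWASP guidance for PBKDF2-HMAC-SHA256


def store_password_hashed(password: str, salt: Optional[bytes] = None) -> str:
    """Returns 'pbkdf2_sha256$<iters>$<salt>$<digest>'; nothing here yields the password."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return "pbkdf2_sha256$%d$%s$%s" % (
        PBKDF2_ITERATIONS,
        base64.b64encode(salt).decode(),
        base64.b64encode(digest).decode(),
    )


def verify_password_hashed(password: str, stored: str) -> bool:
    """Recomputes the hash with the stored salt and compares in constant time."""
    algo, iters, salt_b64, digest_b64 = stored.split("$")
    if algo != "pbkdf2_sha256":
        return False
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), base64.b64decode(salt_b64), int(iters)
    )
    return hmac.compare_digest(candidate, base64.b64decode(digest_b64))


if __name__ == "__main__":
    weak = store_password_reversible("Hunter2!")
    print("reversible store:", weak, "-> recovered:", recover_password(weak))
    strong = store_password_hashed("Hunter2!")
    print("hashed store:", strong)
    print("verify correct password:", verify_password_hashed("Hunter2!", strong))
    print("verify wrong password:", verify_password_hashed("hunter2!", strong))
```

The check a reviewer should apply to any credential store is the one `recover_password` passes and `verify_password_hashed` fails: if there exists any function in the codebase that returns the original password from the stored value, the storage is recoverable, regardless of how strong the cipher is. A per-user random salt is what keeps two users with the same password from producing the same stored value.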
Metrics
CVSS Version: 3.1 | Base Score: 6.4 MEDIUM | Vector: CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
Exploitability Metrics: Attack Vector (AV): Adjacent Network; Attack Complexity (AC): High; Privileges Required (PR): High; User Interaction (UI): None; Scope (S): Unchanged
Impact Metrics: Confidentiality Impact (C): High; Integrity Impact (I): High; Availability Impact (A): High
Weakness Enumeration (CWE)
CWE-ID: CWE-257 | CWE Name: Storing Passwords in a Recoverable Format | Source: Progress Software Corporation
Common Attack Pattern Enumeration and Classification (CAPEC)
CAPEC-ID: CAPEC-37 | CAPEC Description: Retrieve Embedded Sensitive Data