RSS   Vulnerabilities for 'Psyprax'   RSS

2021-02-05
 
CVE-2020-10554

CWE-327
 

 
An issue was discovered in Psyprax beforee 3.2.2. Passwords used to encrypt the data are stored in the database in an obfuscated format, which can be easily reverted. For example, the password AAAAAAAA is stored in the database as MMMMMMMM.

 
 
CVE-2020-10553

CWE-732
 

 
An issue was discovered in Psyprax before 3.2.2. The file %PROGRAMDATA%\Psyprax32\PPScreen.ini contains a hash for the lockscreen (aka screensaver) of the application. If that entry is removed, the lockscreen is no longer displayed and the app is no longer locked. All local users are able to modify that file.

 
 
CVE-2020-10552

CWE-732
 

 
An issue was discovered in Psyprax before 3.2.2. The Firebird database is accessible with the default user sysdba and password masterke after installation. This allows any user to access it and read and modify the contents, including passwords. Local database files can be accessed directly as well.

 


Copyright 2024, cxsecurity.com

 

Back to Top