github - ghsa-cjg8-2ch5-p3hm

GHSA-CJG8-2CH5-P3HM

Vulnerability from github – Published: 2022-05-24 17:24 – Updated: 2022-05-24 17:24

Details

OpenClinic GA 5.09.02 and 5.89.05b stores passwords using inadequate hashing complexity, which may allow an attacker to recover passwords using known password cracking techniques.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2020-14489"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-07-29T13:15:00Z",
    "severity": "MODERATE"
  },
  "details": "OpenClinic GA 5.09.02 and 5.89.05b stores passwords using inadequate hashing complexity, which may allow an attacker to recover passwords using known password cracking techniques.",
  "id": "GHSA-cjg8-2ch5-p3hm",
  "modified": "2022-05-24T17:24:36Z",
  "published": "2022-05-24T17:24:36Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14489"
    },
    {
      "type": "WEB",
      "url": "https://us-cert.cisa.gov/ics/advisories/ICSMA-20-184-01"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

CVE-2020-14489 (GCVE-0-2020-14489)

Vulnerability from cvelistv5 – Published: 2020-07-29 12:24 – Updated: 2024-09-17 01:46

Summary

OpenClinic GA 5.09.02 and 5.89.05b stores passwords using inadequate hashing complexity, which may allow an attacker to recover passwords using known password cracking techniques.

Severity ?

6.2 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE

CWE-522 - INSUFFICIENTLY PROTECTED CREDENTIALS CWE-522

Assigner

icscert

References

URL

Tags

https://us-cert.cisa.gov/ics/advisories/ICSMA-20-184-01

x_refsource_MISC

Impacted products

	Vendor	Product	Version
	open source	OpenClinic GA	Affected: 5.09.02 Affected: 5.89.05b

Credits

Brian D. Hysell reported these vulnerabilities to CISA.

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T12:46:34.569Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://us-cert.cisa.gov/ics/advisories/ICSMA-20-184-01"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "OpenClinic GA",
          "vendor": "open source",
          "versions": [
            {
              "status": "affected",
              "version": "5.09.02"
            },
            {
              "status": "affected",
              "version": "5.89.05b"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Brian D. Hysell reported these vulnerabilities to CISA."
        }
      ],
      "datePublic": "2020-07-02T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "OpenClinic GA 5.09.02 and 5.89.05b stores passwords using inadequate hashing complexity, which may allow an attacker to recover passwords using known password cracking techniques."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 6.2,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-522",
              "description": "INSUFFICIENTLY PROTECTED CREDENTIALS CWE-522",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-07-29T12:24:11",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://us-cert.cisa.gov/ics/advisories/ICSMA-20-184-01"
        }
      ],
      "source": {
        "advisory": "ICSMA-20-184-01 OpenClinic GA",
        "discovery": "EXTERNAL"
      },
      "title": "OpenClinic GA",
      "workarounds": [
        {
          "lang": "en",
          "value": "OpenClinic GA is aware of these vulnerabilities but has not provided any confirmation of their resolution. Please upgrade to the latest version to ensure you have all current fixes."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "DATE_PUBLIC": "2020-07-02T00:00:00.000Z",
          "ID": "CVE-2020-14489",
          "STATE": "PUBLIC",
          "TITLE": "OpenClinic GA"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "OpenClinic GA",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_value": "5.09.02"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "5.89.05b"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "open source"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Brian D. Hysell reported these vulnerabilities to CISA."
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "OpenClinic GA 5.09.02 and 5.89.05b stores passwords using inadequate hashing complexity, which may allow an attacker to recover passwords using known password cracking techniques."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 6.2,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "INSUFFICIENTLY PROTECTED CREDENTIALS CWE-522"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://us-cert.cisa.gov/ics/advisories/ICSMA-20-184-01",
              "refsource": "MISC",
              "url": "https://us-cert.cisa.gov/ics/advisories/ICSMA-20-184-01"
            }
          ]
        },
        "source": {
          "advisory": "ICSMA-20-184-01 OpenClinic GA",
          "discovery": "EXTERNAL"
        },
        "work_around": [
          {
            "lang": "en",
            "value": "OpenClinic GA is aware of these vulnerabilities but has not provided any confirmation of their resolution. Please upgrade to the latest version to ensure you have all current fixes."
          }
        ]
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2020-14489",
    "datePublished": "2020-07-29T12:24:11.103756Z",
    "dateReserved": "2020-06-19T00:00:00",
    "dateUpdated": "2024-09-17T01:46:22.188Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

GHSA-CJG8-2CH5-P3HM

CVE-2020-14489 (GCVE-0-2020-14489)

Tags

Sightings

Nomenclature