Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
12 vulnerabilities by identicard
VAR-201901-0269
Vulnerability from variot - Updated: 2023-12-18 12:50Premisys Identicard version 3.1.190 contains hardcoded credentials in the WCF service on port 9003. An authenticated remote attacker can use these credentials to access the badge system database and modify its contents. Premisys Identicard Contains a vulnerability in the use of hard-coded credentials.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. IDenticard Premisys is a set of access control systems from IDenticard Systems, USA. The system allows the system to grant and restrict access to doors, lock down facilities, view integrated reports, create detailed reports, and more.
There are security vulnerabilities in IDenticard Systems version 3.1.190. A weak-encryption security weakness Attackers may exploit these issues to gain unauthorized access to the affected application, or to bypass certain security restrictions to perform unauthorized actions, and view encrypted data and obtain sensitive information. Premisys 3.1.190 is vulnerable; other versions may also be affected
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201901-0269",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "premisys id",
"scope": "eq",
"trust": 1.8,
"vendor": "identicard",
"version": "3.1.190"
},
{
"model": "premisys identicard",
"scope": "eq",
"trust": 0.6,
"vendor": "identicard",
"version": "3.1.190"
},
{
"model": "systems premisys",
"scope": "eq",
"trust": 0.3,
"vendor": "identicard",
"version": "3.1.190"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-39192"
},
{
"db": "BID",
"id": "106552"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-001402"
},
{
"db": "NVD",
"id": "CVE-2019-3906"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:identicard:premisys_id:3.1.190:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-3906"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Tenable",
"sources": [
{
"db": "BID",
"id": "106552"
},
{
"db": "CNNVD",
"id": "CNNVD-201901-592"
}
],
"trust": 0.9
},
"cve": "CVE-2019-3906",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 9.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2019-3906",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "CNVD-2019-39192",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2019-3906",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-3906",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2019-39192",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201901-592",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2019-3906",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-39192"
},
{
"db": "VULMON",
"id": "CVE-2019-3906"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-001402"
},
{
"db": "NVD",
"id": "CVE-2019-3906"
},
{
"db": "CNNVD",
"id": "CNNVD-201901-592"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Premisys Identicard version 3.1.190 contains hardcoded credentials in the WCF service on port 9003. An authenticated remote attacker can use these credentials to access the badge system database and modify its contents. Premisys Identicard Contains a vulnerability in the use of hard-coded credentials.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. IDenticard Premisys is a set of access control systems from IDenticard Systems, USA. The system allows the system to grant and restrict access to doors, lock down facilities, view integrated reports, create detailed reports, and more. \n\nThere are security vulnerabilities in IDenticard Systems version 3.1.190. A weak-encryption security weakness\nAttackers may exploit these issues to gain unauthorized access to the affected application, or to bypass certain security restrictions to perform unauthorized actions, and view encrypted data and obtain sensitive information. \nPremisys 3.1.190 is vulnerable; other versions may also be affected",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-3906"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-001402"
},
{
"db": "CNVD",
"id": "CNVD-2019-39192"
},
{
"db": "BID",
"id": "106552"
},
{
"db": "VULMON",
"id": "CVE-2019-3906"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-3906",
"trust": 3.4
},
{
"db": "TENABLE",
"id": "TRA-2019-01",
"trust": 2.8
},
{
"db": "BID",
"id": "106552",
"trust": 2.6
},
{
"db": "ICS CERT",
"id": "ICSA-19-031-02",
"trust": 1.2
},
{
"db": "JVNDB",
"id": "JVNDB-2019-001402",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2019-39192",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201901-592",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2019-3906",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-39192"
},
{
"db": "VULMON",
"id": "CVE-2019-3906"
},
{
"db": "BID",
"id": "106552"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-001402"
},
{
"db": "NVD",
"id": "CVE-2019-3906"
},
{
"db": "CNNVD",
"id": "CNNVD-201901-592"
}
]
},
"id": "VAR-201901-0269",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-39192"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-39192"
}
]
},
"last_update_date": "2023-12-18T12:50:27.917000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Premisys ID",
"trust": 0.8,
"url": "https://www.identicard.com/identification-solutions/photo-id-software/premisys-id-comprehensive-identification-management-solution/"
},
{
"title": "Threatpost",
"trust": 0.1,
"url": "https://threatpost.com/identicard-zero-days-allow-corporate-building-access-location-recon/140891/"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2019-3906"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-001402"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-798",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-001402"
},
{
"db": "NVD",
"id": "CVE-2019-3906"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.9,
"url": "http://www.securityfocus.com/bid/106552"
},
{
"trust": 2.8,
"url": "https://www.tenable.com/security/research/tra-2019-01"
},
{
"trust": 1.2,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-19-031-02"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-3906"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-3906"
},
{
"trust": 0.3,
"url": "https://www.identicard.com/access-control/premisys-access-control-system/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/798.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://threatpost.com/identicard-zero-days-allow-corporate-building-access-location-recon/140891/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-39192"
},
{
"db": "VULMON",
"id": "CVE-2019-3906"
},
{
"db": "BID",
"id": "106552"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-001402"
},
{
"db": "NVD",
"id": "CVE-2019-3906"
},
{
"db": "CNNVD",
"id": "CNNVD-201901-592"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2019-39192"
},
{
"db": "VULMON",
"id": "CVE-2019-3906"
},
{
"db": "BID",
"id": "106552"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-001402"
},
{
"db": "NVD",
"id": "CVE-2019-3906"
},
{
"db": "CNNVD",
"id": "CNNVD-201901-592"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-11-05T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-39192"
},
{
"date": "2019-01-18T00:00:00",
"db": "VULMON",
"id": "CVE-2019-3906"
},
{
"date": "2019-01-14T00:00:00",
"db": "BID",
"id": "106552"
},
{
"date": "2019-03-04T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-001402"
},
{
"date": "2019-01-18T18:29:00.247000",
"db": "NVD",
"id": "CVE-2019-3906"
},
{
"date": "2019-01-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201901-592"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-11-05T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-39192"
},
{
"date": "2019-10-09T00:00:00",
"db": "VULMON",
"id": "CVE-2019-3906"
},
{
"date": "2019-01-14T00:00:00",
"db": "BID",
"id": "106552"
},
{
"date": "2019-03-04T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-001402"
},
{
"date": "2022-12-03T14:45:52.753000",
"db": "NVD",
"id": "CVE-2019-3906"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201901-592"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201901-592"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Premisys Identicard Vulnerabilities related to the use of hard-coded credentials",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-001402"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201901-592"
}
],
"trust": 0.6
}
}
VAR-201901-0270
Vulnerability from variot - Updated: 2023-12-18 12:50Premisys Identicard version 3.1.190 stores backup files as encrypted zip files. The password to the zip is hard-coded and unchangeable. An attacker with access to these backups can decrypt them and obtain sensitive data. Premisys Identicard Contains a vulnerability in the use of hard-coded credentials.Information may be obtained. IDenticard Premisys is a set of access control systems from IDenticard Systems, USA. The system allows the system to grant and restrict access to doors, lock down facilities, view integrated reports, create detailed reports, and more.
There are security vulnerabilities in IDenticard Systems version 3.1.190. A weak-encryption security weakness Attackers may exploit these issues to gain unauthorized access to the affected application, or to bypass certain security restrictions to perform unauthorized actions, and view encrypted data and obtain sensitive information. Premisys 3.1.190 is vulnerable; other versions may also be affected
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201901-0270",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "premisys id",
"scope": "eq",
"trust": 1.8,
"vendor": "identicard",
"version": "3.1.190"
},
{
"model": "premisys identicard",
"scope": "eq",
"trust": 0.6,
"vendor": "identicard",
"version": "3.1.190"
},
{
"model": "systems premisys",
"scope": "eq",
"trust": 0.3,
"vendor": "identicard",
"version": "3.1.190"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-39193"
},
{
"db": "BID",
"id": "106552"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-001385"
},
{
"db": "NVD",
"id": "CVE-2019-3908"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:identicard:premisys_id:3.1.190:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-3908"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Tenable",
"sources": [
{
"db": "BID",
"id": "106552"
},
{
"db": "CNNVD",
"id": "CNNVD-201901-594"
}
],
"trust": 0.9
},
"cve": "CVE-2019-3908",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2019-3908",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2019-39193",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2019-3908",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-3908",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2019-39193",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201901-594",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2019-3908",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-39193"
},
{
"db": "VULMON",
"id": "CVE-2019-3908"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-001385"
},
{
"db": "NVD",
"id": "CVE-2019-3908"
},
{
"db": "CNNVD",
"id": "CNNVD-201901-594"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Premisys Identicard version 3.1.190 stores backup files as encrypted zip files. The password to the zip is hard-coded and unchangeable. An attacker with access to these backups can decrypt them and obtain sensitive data. Premisys Identicard Contains a vulnerability in the use of hard-coded credentials.Information may be obtained. IDenticard Premisys is a set of access control systems from IDenticard Systems, USA. The system allows the system to grant and restrict access to doors, lock down facilities, view integrated reports, create detailed reports, and more. \n\nThere are security vulnerabilities in IDenticard Systems version 3.1.190. A weak-encryption security weakness\nAttackers may exploit these issues to gain unauthorized access to the affected application, or to bypass certain security restrictions to perform unauthorized actions, and view encrypted data and obtain sensitive information. \nPremisys 3.1.190 is vulnerable; other versions may also be affected",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-3908"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-001385"
},
{
"db": "CNVD",
"id": "CNVD-2019-39193"
},
{
"db": "BID",
"id": "106552"
},
{
"db": "VULMON",
"id": "CVE-2019-3908"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-3908",
"trust": 3.4
},
{
"db": "TENABLE",
"id": "TRA-2019-01",
"trust": 2.8
},
{
"db": "BID",
"id": "106552",
"trust": 2.0
},
{
"db": "ICS CERT",
"id": "ICSA-19-031-02",
"trust": 1.2
},
{
"db": "JVNDB",
"id": "JVNDB-2019-001385",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2019-39193",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201901-594",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2019-3908",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-39193"
},
{
"db": "VULMON",
"id": "CVE-2019-3908"
},
{
"db": "BID",
"id": "106552"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-001385"
},
{
"db": "NVD",
"id": "CVE-2019-3908"
},
{
"db": "CNNVD",
"id": "CNNVD-201901-594"
}
]
},
"id": "VAR-201901-0270",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-39193"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-39193"
}
]
},
"last_update_date": "2023-12-18T12:50:27.855000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Premisys ID",
"trust": 0.8,
"url": "https://www.identicard.com/identification-solutions/photo-id-software/premisys-id-comprehensive-identification-management-solution/"
},
{
"title": "Threatpost",
"trust": 0.1,
"url": "https://threatpost.com/identicard-zero-days-allow-corporate-building-access-location-recon/140891/"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2019-3908"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-001385"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-798",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-001385"
},
{
"db": "NVD",
"id": "CVE-2019-3908"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.8,
"url": "https://www.tenable.com/security/research/tra-2019-01"
},
{
"trust": 2.3,
"url": "http://www.securityfocus.com/bid/106552"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-3908"
},
{
"trust": 1.2,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-19-031-02"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-3908"
},
{
"trust": 0.3,
"url": "https://www.identicard.com/access-control/premisys-access-control-system/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/798.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://threatpost.com/identicard-zero-days-allow-corporate-building-access-location-recon/140891/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-39193"
},
{
"db": "VULMON",
"id": "CVE-2019-3908"
},
{
"db": "BID",
"id": "106552"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-001385"
},
{
"db": "NVD",
"id": "CVE-2019-3908"
},
{
"db": "CNNVD",
"id": "CNNVD-201901-594"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2019-39193"
},
{
"db": "VULMON",
"id": "CVE-2019-3908"
},
{
"db": "BID",
"id": "106552"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-001385"
},
{
"db": "NVD",
"id": "CVE-2019-3908"
},
{
"db": "CNNVD",
"id": "CNNVD-201901-594"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-11-05T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-39193"
},
{
"date": "2019-01-18T00:00:00",
"db": "VULMON",
"id": "CVE-2019-3908"
},
{
"date": "2019-01-14T00:00:00",
"db": "BID",
"id": "106552"
},
{
"date": "2019-03-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-001385"
},
{
"date": "2019-01-18T18:29:00.327000",
"db": "NVD",
"id": "CVE-2019-3908"
},
{
"date": "2019-01-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201901-594"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-11-05T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-39193"
},
{
"date": "2019-10-09T00:00:00",
"db": "VULMON",
"id": "CVE-2019-3908"
},
{
"date": "2019-01-14T00:00:00",
"db": "BID",
"id": "106552"
},
{
"date": "2019-03-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-001385"
},
{
"date": "2022-12-03T14:46:05.703000",
"db": "NVD",
"id": "CVE-2019-3908"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201901-594"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201901-594"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Premisys Identicard Vulnerabilities related to the use of hard-coded credentials",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-001385"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201901-594"
}
],
"trust": 0.6
}
}
CVE-2019-3909 (GCVE-0-2019-3909)
Vulnerability from cvelistv5 – Published: 2019-01-18 18:00 – Updated: 2024-08-04 19:26
VLAI
Summary
Premisys Identicard version 3.1.190 database uses default credentials. Users are unable to change the credentials without vendor intervention.
Severity
No CVSS data available.
CWE
- Default Credentials
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.tenable.com/security/research/tra-2019-01 | x_refsource_MISC |
| http://www.securityfocus.com/bid/106552 | vdb-entryx_refsource_BID |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | Premisys Identicard 3.1.190 |
Affected:
Premisys Identicard 3.1.190
|
Date Public
2019-01-18 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:26:26.685Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.tenable.com/security/research/tra-2019-01"
},
{
"name": "106552",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/106552"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Premisys Identicard 3.1.190",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Premisys Identicard 3.1.190"
}
]
}
],
"datePublic": "2019-01-18T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Premisys Identicard version 3.1.190 database uses default credentials. Users are unable to change the credentials without vendor intervention."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Default Credentials",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-01-19T10:57:02.000Z",
"orgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
"shortName": "tenable"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.tenable.com/security/research/tra-2019-01"
},
{
"name": "106552",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/106552"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnreport@tenable.com",
"ID": "CVE-2019-3909",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Premisys Identicard 3.1.190",
"version": {
"version_data": [
{
"version_value": "Premisys Identicard 3.1.190"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Premisys Identicard version 3.1.190 database uses default credentials. Users are unable to change the credentials without vendor intervention."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Default Credentials"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.tenable.com/security/research/tra-2019-01",
"refsource": "MISC",
"url": "https://www.tenable.com/security/research/tra-2019-01"
},
{
"name": "106552",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106552"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
"assignerShortName": "tenable",
"cveId": "CVE-2019-3909",
"datePublished": "2019-01-18T18:00:00.000Z",
"dateReserved": "2019-01-03T00:00:00.000Z",
"dateUpdated": "2024-08-04T19:26:26.685Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-3906 (GCVE-0-2019-3906)
Vulnerability from cvelistv5 – Published: 2019-01-18 18:00 – Updated: 2024-08-04 19:26
VLAI
Summary
Premisys Identicard version 3.1.190 contains hardcoded credentials in the WCF service on port 9003. An authenticated remote attacker can use these credentials to access the badge system database and modify its contents.
Severity
No CVSS data available.
CWE
- CWE-798 - Hard-coded Credentials
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.tenable.com/security/research/tra-2019-01 | x_refsource_MISC |
| http://www.securityfocus.com/bid/106552 | vdb-entryx_refsource_BID |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | Premisys Identicard 3.1.190 |
Affected:
Premisys Identicard 3.1.190
|
Date Public
2019-01-18 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:26:26.705Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.tenable.com/security/research/tra-2019-01"
},
{
"name": "106552",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/106552"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Premisys Identicard 3.1.190",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Premisys Identicard 3.1.190"
}
]
}
],
"datePublic": "2019-01-18T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Premisys Identicard version 3.1.190 contains hardcoded credentials in the WCF service on port 9003. An authenticated remote attacker can use these credentials to access the badge system database and modify its contents."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-798",
"description": "CWE-798 Hard-coded Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-01-19T10:57:02.000Z",
"orgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
"shortName": "tenable"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.tenable.com/security/research/tra-2019-01"
},
{
"name": "106552",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/106552"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnreport@tenable.com",
"ID": "CVE-2019-3906",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Premisys Identicard 3.1.190",
"version": {
"version_data": [
{
"version_value": "Premisys Identicard 3.1.190"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Premisys Identicard version 3.1.190 contains hardcoded credentials in the WCF service on port 9003. An authenticated remote attacker can use these credentials to access the badge system database and modify its contents."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-798 Hard-coded Credentials"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.tenable.com/security/research/tra-2019-01",
"refsource": "MISC",
"url": "https://www.tenable.com/security/research/tra-2019-01"
},
{
"name": "106552",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106552"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
"assignerShortName": "tenable",
"cveId": "CVE-2019-3906",
"datePublished": "2019-01-18T18:00:00.000Z",
"dateReserved": "2019-01-03T00:00:00.000Z",
"dateUpdated": "2024-08-04T19:26:26.705Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-3908 (GCVE-0-2019-3908)
Vulnerability from cvelistv5 – Published: 2019-01-18 18:00 – Updated: 2024-08-04 19:26
VLAI
Summary
Premisys Identicard version 3.1.190 stores backup files as encrypted zip files. The password to the zip is hard-coded and unchangeable. An attacker with access to these backups can decrypt them and obtain sensitive data.
Severity
No CVSS data available.
CWE
- CWE-259 - Hard-coded Password
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.tenable.com/security/research/tra-2019-01 | x_refsource_MISC |
| http://www.securityfocus.com/bid/106552 | vdb-entryx_refsource_BID |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | Premisys Identicard 3.1.190 |
Affected:
Premisys Identicard 3.1.190
|
Date Public
2019-01-18 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:26:26.712Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.tenable.com/security/research/tra-2019-01"
},
{
"name": "106552",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/106552"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Premisys Identicard 3.1.190",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Premisys Identicard 3.1.190"
}
]
}
],
"datePublic": "2019-01-18T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Premisys Identicard version 3.1.190 stores backup files as encrypted zip files. The password to the zip is hard-coded and unchangeable. An attacker with access to these backups can decrypt them and obtain sensitive data."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-259",
"description": "CWE-259 Hard-coded Password",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-01-19T10:57:02.000Z",
"orgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
"shortName": "tenable"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.tenable.com/security/research/tra-2019-01"
},
{
"name": "106552",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/106552"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnreport@tenable.com",
"ID": "CVE-2019-3908",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Premisys Identicard 3.1.190",
"version": {
"version_data": [
{
"version_value": "Premisys Identicard 3.1.190"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Premisys Identicard version 3.1.190 stores backup files as encrypted zip files. The password to the zip is hard-coded and unchangeable. An attacker with access to these backups can decrypt them and obtain sensitive data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-259 Hard-coded Password"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.tenable.com/security/research/tra-2019-01",
"refsource": "MISC",
"url": "https://www.tenable.com/security/research/tra-2019-01"
},
{
"name": "106552",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106552"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
"assignerShortName": "tenable",
"cveId": "CVE-2019-3908",
"datePublished": "2019-01-18T18:00:00.000Z",
"dateReserved": "2019-01-03T00:00:00.000Z",
"dateUpdated": "2024-08-04T19:26:26.712Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-3907 (GCVE-0-2019-3907)
Vulnerability from cvelistv5 – Published: 2019-01-18 18:00 – Updated: 2024-08-04 19:26
VLAI
Summary
Premisys Identicard version 3.1.190 stores user credentials and other sensitive information with a known weak encryption method (MD5 hash of a salt and password).
Severity
No CVSS data available.
CWE
- CWE-798 - Hard-coded Credentials
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.tenable.com/security/research/tra-2019-01 | x_refsource_MISC |
| http://www.securityfocus.com/bid/106552 | vdb-entryx_refsource_BID |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | Premisys Identicard 3.1.190 |
Affected:
Premisys Identicard 3.1.190
|
Date Public
2019-01-18 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:26:26.671Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.tenable.com/security/research/tra-2019-01"
},
{
"name": "106552",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/106552"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Premisys Identicard 3.1.190",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Premisys Identicard 3.1.190"
}
]
}
],
"datePublic": "2019-01-18T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Premisys Identicard version 3.1.190 stores user credentials and other sensitive information with a known weak encryption method (MD5 hash of a salt and password)."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-798",
"description": "CWE-798 Hard-coded Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-01-19T10:57:02.000Z",
"orgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
"shortName": "tenable"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.tenable.com/security/research/tra-2019-01"
},
{
"name": "106552",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/106552"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnreport@tenable.com",
"ID": "CVE-2019-3907",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Premisys Identicard 3.1.190",
"version": {
"version_data": [
{
"version_value": "Premisys Identicard 3.1.190"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Premisys Identicard version 3.1.190 stores user credentials and other sensitive information with a known weak encryption method (MD5 hash of a salt and password)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-798 Hard-coded Credentials"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.tenable.com/security/research/tra-2019-01",
"refsource": "MISC",
"url": "https://www.tenable.com/security/research/tra-2019-01"
},
{
"name": "106552",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106552"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
"assignerShortName": "tenable",
"cveId": "CVE-2019-3907",
"datePublished": "2019-01-18T18:00:00.000Z",
"dateReserved": "2019-01-03T00:00:00.000Z",
"dateUpdated": "2024-08-04T19:26:26.671Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-14973 (GCVE-0-2017-14973)
Vulnerability from cvelistv5 – Published: 2017-10-09 05:00 – Updated: 2024-08-05 19:42
VLAI
Summary
IDenticard Two-Reader Controller Configuration Manager 1.18.8 (396) is vulnerable to Stored Cross-Site Scripting (XSS) via the notes field in /~user_handler?file=logged_in.shtm (aka the edit user page).
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://raw.githubusercontent.com/badbiddy/Vulner… | x_refsource_MISC |
Date Public
2017-10-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T19:42:22.380Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://raw.githubusercontent.com/badbiddy/Vulnerability-Disclosure/master/IDenticard%20Two-Reader%20Controller%20%3C%201.18.8%20-%20CVE-2017-14973"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-10-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "IDenticard Two-Reader Controller Configuration Manager 1.18.8 (396) is vulnerable to Stored Cross-Site Scripting (XSS) via the notes field in /~user_handler?file=logged_in.shtm (aka the edit user page)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-09T05:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://raw.githubusercontent.com/badbiddy/Vulnerability-Disclosure/master/IDenticard%20Two-Reader%20Controller%20%3C%201.18.8%20-%20CVE-2017-14973"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-14973",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IDenticard Two-Reader Controller Configuration Manager 1.18.8 (396) is vulnerable to Stored Cross-Site Scripting (XSS) via the notes field in /~user_handler?file=logged_in.shtm (aka the edit user page)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://raw.githubusercontent.com/badbiddy/Vulnerability-Disclosure/master/IDenticard%20Two-Reader%20Controller%20%3C%201.18.8%20-%20CVE-2017-14973",
"refsource": "MISC",
"url": "https://raw.githubusercontent.com/badbiddy/Vulnerability-Disclosure/master/IDenticard%20Two-Reader%20Controller%20%3C%201.18.8%20-%20CVE-2017-14973"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-14973",
"datePublished": "2017-10-09T05:00:00.000Z",
"dateReserved": "2017-10-01T00:00:00.000Z",
"dateUpdated": "2024-08-05T19:42:22.380Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-3909 (GCVE-0-2019-3909)
Vulnerability from nvd – Published: 2019-01-18 18:00 – Updated: 2024-08-04 19:26
VLAI
Summary
Premisys Identicard version 3.1.190 database uses default credentials. Users are unable to change the credentials without vendor intervention.
Severity
No CVSS data available.
CWE
- Default Credentials
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.tenable.com/security/research/tra-2019-01 | x_refsource_MISC |
| http://www.securityfocus.com/bid/106552 | vdb-entryx_refsource_BID |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | Premisys Identicard 3.1.190 |
Affected:
Premisys Identicard 3.1.190
|
Date Public
2019-01-18 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:26:26.685Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.tenable.com/security/research/tra-2019-01"
},
{
"name": "106552",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/106552"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Premisys Identicard 3.1.190",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Premisys Identicard 3.1.190"
}
]
}
],
"datePublic": "2019-01-18T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Premisys Identicard version 3.1.190 database uses default credentials. Users are unable to change the credentials without vendor intervention."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Default Credentials",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-01-19T10:57:02.000Z",
"orgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
"shortName": "tenable"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.tenable.com/security/research/tra-2019-01"
},
{
"name": "106552",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/106552"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnreport@tenable.com",
"ID": "CVE-2019-3909",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Premisys Identicard 3.1.190",
"version": {
"version_data": [
{
"version_value": "Premisys Identicard 3.1.190"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Premisys Identicard version 3.1.190 database uses default credentials. Users are unable to change the credentials without vendor intervention."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Default Credentials"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.tenable.com/security/research/tra-2019-01",
"refsource": "MISC",
"url": "https://www.tenable.com/security/research/tra-2019-01"
},
{
"name": "106552",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106552"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
"assignerShortName": "tenable",
"cveId": "CVE-2019-3909",
"datePublished": "2019-01-18T18:00:00.000Z",
"dateReserved": "2019-01-03T00:00:00.000Z",
"dateUpdated": "2024-08-04T19:26:26.685Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-3906 (GCVE-0-2019-3906)
Vulnerability from nvd – Published: 2019-01-18 18:00 – Updated: 2024-08-04 19:26
VLAI
Summary
Premisys Identicard version 3.1.190 contains hardcoded credentials in the WCF service on port 9003. An authenticated remote attacker can use these credentials to access the badge system database and modify its contents.
Severity
No CVSS data available.
CWE
- CWE-798 - Hard-coded Credentials
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.tenable.com/security/research/tra-2019-01 | x_refsource_MISC |
| http://www.securityfocus.com/bid/106552 | vdb-entryx_refsource_BID |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | Premisys Identicard 3.1.190 |
Affected:
Premisys Identicard 3.1.190
|
Date Public
2019-01-18 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:26:26.705Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.tenable.com/security/research/tra-2019-01"
},
{
"name": "106552",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/106552"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Premisys Identicard 3.1.190",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Premisys Identicard 3.1.190"
}
]
}
],
"datePublic": "2019-01-18T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Premisys Identicard version 3.1.190 contains hardcoded credentials in the WCF service on port 9003. An authenticated remote attacker can use these credentials to access the badge system database and modify its contents."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-798",
"description": "CWE-798 Hard-coded Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-01-19T10:57:02.000Z",
"orgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
"shortName": "tenable"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.tenable.com/security/research/tra-2019-01"
},
{
"name": "106552",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/106552"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnreport@tenable.com",
"ID": "CVE-2019-3906",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Premisys Identicard 3.1.190",
"version": {
"version_data": [
{
"version_value": "Premisys Identicard 3.1.190"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Premisys Identicard version 3.1.190 contains hardcoded credentials in the WCF service on port 9003. An authenticated remote attacker can use these credentials to access the badge system database and modify its contents."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-798 Hard-coded Credentials"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.tenable.com/security/research/tra-2019-01",
"refsource": "MISC",
"url": "https://www.tenable.com/security/research/tra-2019-01"
},
{
"name": "106552",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106552"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
"assignerShortName": "tenable",
"cveId": "CVE-2019-3906",
"datePublished": "2019-01-18T18:00:00.000Z",
"dateReserved": "2019-01-03T00:00:00.000Z",
"dateUpdated": "2024-08-04T19:26:26.705Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-3908 (GCVE-0-2019-3908)
Vulnerability from nvd – Published: 2019-01-18 18:00 – Updated: 2024-08-04 19:26
VLAI
Summary
Premisys Identicard version 3.1.190 stores backup files as encrypted zip files. The password to the zip is hard-coded and unchangeable. An attacker with access to these backups can decrypt them and obtain sensitive data.
Severity
No CVSS data available.
CWE
- CWE-259 - Hard-coded Password
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.tenable.com/security/research/tra-2019-01 | x_refsource_MISC |
| http://www.securityfocus.com/bid/106552 | vdb-entryx_refsource_BID |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | Premisys Identicard 3.1.190 |
Affected:
Premisys Identicard 3.1.190
|
Date Public
2019-01-18 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:26:26.712Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.tenable.com/security/research/tra-2019-01"
},
{
"name": "106552",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/106552"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Premisys Identicard 3.1.190",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Premisys Identicard 3.1.190"
}
]
}
],
"datePublic": "2019-01-18T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Premisys Identicard version 3.1.190 stores backup files as encrypted zip files. The password to the zip is hard-coded and unchangeable. An attacker with access to these backups can decrypt them and obtain sensitive data."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-259",
"description": "CWE-259 Hard-coded Password",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-01-19T10:57:02.000Z",
"orgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
"shortName": "tenable"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.tenable.com/security/research/tra-2019-01"
},
{
"name": "106552",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/106552"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnreport@tenable.com",
"ID": "CVE-2019-3908",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Premisys Identicard 3.1.190",
"version": {
"version_data": [
{
"version_value": "Premisys Identicard 3.1.190"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Premisys Identicard version 3.1.190 stores backup files as encrypted zip files. The password to the zip is hard-coded and unchangeable. An attacker with access to these backups can decrypt them and obtain sensitive data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-259 Hard-coded Password"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.tenable.com/security/research/tra-2019-01",
"refsource": "MISC",
"url": "https://www.tenable.com/security/research/tra-2019-01"
},
{
"name": "106552",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106552"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
"assignerShortName": "tenable",
"cveId": "CVE-2019-3908",
"datePublished": "2019-01-18T18:00:00.000Z",
"dateReserved": "2019-01-03T00:00:00.000Z",
"dateUpdated": "2024-08-04T19:26:26.712Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-3907 (GCVE-0-2019-3907)
Vulnerability from nvd – Published: 2019-01-18 18:00 – Updated: 2024-08-04 19:26
VLAI
Summary
Premisys Identicard version 3.1.190 stores user credentials and other sensitive information with a known weak encryption method (MD5 hash of a salt and password).
Severity
No CVSS data available.
CWE
- CWE-798 - Hard-coded Credentials
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.tenable.com/security/research/tra-2019-01 | x_refsource_MISC |
| http://www.securityfocus.com/bid/106552 | vdb-entryx_refsource_BID |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | Premisys Identicard 3.1.190 |
Affected:
Premisys Identicard 3.1.190
|
Date Public
2019-01-18 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:26:26.671Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.tenable.com/security/research/tra-2019-01"
},
{
"name": "106552",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/106552"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Premisys Identicard 3.1.190",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Premisys Identicard 3.1.190"
}
]
}
],
"datePublic": "2019-01-18T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Premisys Identicard version 3.1.190 stores user credentials and other sensitive information with a known weak encryption method (MD5 hash of a salt and password)."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-798",
"description": "CWE-798 Hard-coded Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-01-19T10:57:02.000Z",
"orgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
"shortName": "tenable"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.tenable.com/security/research/tra-2019-01"
},
{
"name": "106552",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/106552"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnreport@tenable.com",
"ID": "CVE-2019-3907",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Premisys Identicard 3.1.190",
"version": {
"version_data": [
{
"version_value": "Premisys Identicard 3.1.190"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Premisys Identicard version 3.1.190 stores user credentials and other sensitive information with a known weak encryption method (MD5 hash of a salt and password)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-798 Hard-coded Credentials"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.tenable.com/security/research/tra-2019-01",
"refsource": "MISC",
"url": "https://www.tenable.com/security/research/tra-2019-01"
},
{
"name": "106552",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106552"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
"assignerShortName": "tenable",
"cveId": "CVE-2019-3907",
"datePublished": "2019-01-18T18:00:00.000Z",
"dateReserved": "2019-01-03T00:00:00.000Z",
"dateUpdated": "2024-08-04T19:26:26.671Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-14973 (GCVE-0-2017-14973)
Vulnerability from nvd – Published: 2017-10-09 05:00 – Updated: 2024-08-05 19:42
VLAI
Summary
IDenticard Two-Reader Controller Configuration Manager 1.18.8 (396) is vulnerable to Stored Cross-Site Scripting (XSS) via the notes field in /~user_handler?file=logged_in.shtm (aka the edit user page).
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://raw.githubusercontent.com/badbiddy/Vulner… | x_refsource_MISC |
Date Public
2017-10-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T19:42:22.380Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://raw.githubusercontent.com/badbiddy/Vulnerability-Disclosure/master/IDenticard%20Two-Reader%20Controller%20%3C%201.18.8%20-%20CVE-2017-14973"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-10-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "IDenticard Two-Reader Controller Configuration Manager 1.18.8 (396) is vulnerable to Stored Cross-Site Scripting (XSS) via the notes field in /~user_handler?file=logged_in.shtm (aka the edit user page)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-09T05:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://raw.githubusercontent.com/badbiddy/Vulnerability-Disclosure/master/IDenticard%20Two-Reader%20Controller%20%3C%201.18.8%20-%20CVE-2017-14973"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-14973",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IDenticard Two-Reader Controller Configuration Manager 1.18.8 (396) is vulnerable to Stored Cross-Site Scripting (XSS) via the notes field in /~user_handler?file=logged_in.shtm (aka the edit user page)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://raw.githubusercontent.com/badbiddy/Vulnerability-Disclosure/master/IDenticard%20Two-Reader%20Controller%20%3C%201.18.8%20-%20CVE-2017-14973",
"refsource": "MISC",
"url": "https://raw.githubusercontent.com/badbiddy/Vulnerability-Disclosure/master/IDenticard%20Two-Reader%20Controller%20%3C%201.18.8%20-%20CVE-2017-14973"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-14973",
"datePublished": "2017-10-09T05:00:00.000Z",
"dateReserved": "2017-10-01T00:00:00.000Z",
"dateUpdated": "2024-08-05T19:42:22.380Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}