CVE-2013-10004

Telecommunication Software SAMwin Contact Center Suite Password SAMwinLIBVB.dll passwordScramble improper authentication

CVSS 6.5 MEDIUMEPSS 0.9%CWE-287

Vexday Risk Score

13Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS 6.5EPSS 0.9%KEV nãoPoC —Nuclei —Metasploit —Patch —

Lifecycle

24 May 2022Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

A vulnerability classified as critical was found in Telecommunication Software SAMwin Contact Center Suite 5.1. This vulnerability affects the function passwordScramble in the library SAMwinLIBVB.dll of the component Password Handler. Incorrect implementation of a hashing function leads to predictable authentication possibilities. Upgrading to version 6.2 is able to address this issue. It is recommended to upgrade the affected component.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Affected products

Telecommunication Software · SAMwin Contact Center Suite

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://vuldb.com/?id.12790 http://www.modzero.ch/advisories/MZ-13-07_SAMwin_Collisions.txt