CyberSec.Space Logo
Back to CVE Browser

CVE-2021-3833

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.1350%
EPSS Percentile7.84th
PublishedOct 7, 2021
Last ModifiedNov 21, 2024

Vulnerability Description

Integria IMS login check uses a loose comparator ("==") to compare the MD5 hash of the password provided by the user and the MD5 hash stored in the database. An attacker with a specific formatted password could exploit this vulnerability in order to login in the system with different passwords.

Affected Platforms (CPE)

πŸ“¦
Artica

Integria Ims

= 5.0.92

References & Advisories

πŸ”— https://integriaims.com/en/services/updates/
πŸ”— https://www.incibe.es/en/incibe-cert/notices/aviso/integria-ims-incorrect-authorization
πŸ”— https://integriaims.com/en/services/updates/
πŸ”— https://www.incibe.es/en/incibe-cert/notices/aviso/integria-ims-incorrect-authorization

Related Vulnerabilities

CVE-2019-150919.8

filemgr.php in Artica Integria IMS 5.0.86 allows index.php?sec=wiki&sec2=operation/wiki/wiki&action=upload arbitrary file upload.

CVE-2021-38329.8

Integria IMS in its 5.0.92 version is vulnerable to a Remote Code Execution attack through file uploading. An unauthenticated atta...

CVE-2018-10008128.1

Artica Integria IMS version 5.0 MR56 Package 58, likely earlier versions contains a CWE-640: Weak Password Recovery Mechanism for ...

CVE-2018-198296.5

Artica Integria IMS 5.0.83 has CSRF in godmode/usuarios/lista_usuarios, resulting in the ability to delete an arbitrary user when ...