CVE-2021-3833 CRITICAL

CVE-2021-3833: Integria IMS incorrect authorization

Vendor Ártica
Product Integria IMS
Weakness CWE-697
Published October 7, 2021
Last update September 16, 2024

CVSS base score

9.8/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

Integria IMS login check uses a loose comparator ("==") to compare the MD5 hash of the password provided by the user and the MD5 hash stored in the database. An attacker with a specific formatted password could exploit this vulnerability in order to login in the system with different passwords.

Key dates

02Disclosure timeline

October 7, 2021 CVE published
September 16, 2024 Record updated