header-logo
Suggest Exploit
vendor:
NetCommerce and WebSphere Commerce Suite
by:
SecurityFocus
7.5
CVSS
HIGH
Weak Password Encryption
259
CWE
Product Name: NetCommerce and WebSphere Commerce Suite
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2002

Weak Password Encryption in IBM NetCommerce and WebSphere Commerce Suite

Versions of IBM NetCommerce and WebSphere Commerce Suite ecommerce packages employ weak password encryption for their users' and administrators' passwords. This encryption is defeatable using a widely-published decryption tool. Compromise of the user accounts could result in disclosure of sensitive information and interference with the normal operation of the affected website. Compromise of administrator accounts could result in disclosure of sensitive information, changes to website functionality, and, potentially, could assist in further compromises of security on the affected host.

Mitigation:

Ensure that passwords are encrypted using a strong encryption algorithm.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/2482/info

Versions of IBM NetCommerce and WebSphere Commerce Suite ecommerce packages employ weak password encryption for their users' and administrators' passwords.

This encryption is defeatable using a widely-published decryption tool.

Compromise of the user accounts could result in disclosure of sensitive information and interference with the normal operation of the affected website.

Compromise of administrator accounts could result in disclosure of sensitive information, changes to website functionality, and, potentially, could assist in further compromises of security on the affected host.

https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/20685.zip

Navigation

Suggest Exploit

Services By CQR