Vasion Print (formerly PrinterLogic) Virtual Appliance Host and Application (VA/SaaS deployments) store user passwords using unsalted SHA-512 hashes with a fall-back to unsalted SHA-1. The hashing is performed via PHP's `hash()` function in multiple files (server_write_requests_users.php, update_database.php, legacy/Login.php, tests/Unit/Api/IdpControllerTest.php). No per-user salt is used and the fast hash algorithms are unsuitable for password storage. An attacker who obtains the password database can recover cleartext passwords via offline dictionary or rainbow table attacks. The vulnerable code also contains logic that migrates legacy SHA-1 hashes to SHA-512 on login, further exposing users still on the old hash. This vulnerability was partially resolved, but still present within the legacy authentication platform.
oryginał ENCVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XVasion Virtual Appliance Application
APPVasionwszystkie wersjeVasion Virtual Appliance Host
APPVasionwszystkie wersje
Powiązane podatności
Vasion Print Virtual Appliance — hasła w plikach plaintext dostępnych dla wszystkich
Vasion Print: hardcoded SSH key umożliwiający root access do appliance
Vasion Print: hardcoded klucz prywatny SSL we wszystkich instancjach
Hardcoded klucz prywatny GPG w Vasion Print Virtual Appliance
Vasion Print: hardcoded klucz prywatny CA i hasło w plikach konfiguracyjnych