PT-2024-72: Weakness of password policy in Password Pusher

MEDIUM

(6.9) CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

THREATSCAPE

Analytics articles

What are the security threats on your network?

Check your traffic-for free

Request pilot

Vulnerability type:
CWE-521:Weak Password Requirements

Vulnerability vector:

Base vulnerability score (CVSSv3.1): CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Severity (CVSSv3.1): 5.3 (medium)
Base vulnerability score (CVSSv4.0): CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
Severity (CVSSv4.0): 6.9 (medium)

Description:

The vulnerability was identified in Password Pusher versions prior to 1.49.0.

The application allows users to set weak and easily bruteforced passwords. The discovered vulnerability allows attackers to bruteforce the password and gain access to the application with privileges of the corresponding user.

Vulnerability status: Confirmed by vendor

Date of vulnerability remediation: 20.11.2024

Recommendations:

Update to version 1.49.0 or higher
Security advisory

Additional information: Positive Technologies

Identifier:

CVE-2024-52796

Vendor:

Apnotic, LLC

Vulnerable product:

Password Pusher

Vulnerable version:

< 1.49.0

Get in touch

Fill in the form and our specialists
will contact you shortly

General
questions

We're happy to answer any questions you may have.

Partnership

Join us in making the world a safer place.

Request a pilot

Test drive our solutions with a customized pilot program.

PT-2024-72: Weakness of password policy in Password Pusher

Analytics articles

What are the security threats on your network?

Vulnerability type:CWE-521:Weak Password Requirements

Get in touch

Vulnerability type:
CWE-521:Weak Password Requirements