The default configuration of Sambar Server 5 and previous versions uses a symmetric key that is compiled into the binary program for encrypting passwords, which could allow local users to break all user passwords by cracking the key or modifying a copy of the sambar program to call the decryption procedure.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
sambar sambar server 5.0 |
||
sambar sambar server 4.3 |
||
sambar sambar server 4.4 |
||
sambar sambar server 4.1 |
||
sambar sambar server 4.2.1_production |