Improper Authentication in Prima Systems FlexAir, Versions 2.3.38 and prior

Improper Authentication in Prima Systems FlexAir, Versions 2.3.38 and prior

CVE-2019-7666 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Prima Systems FlexAir, Versions 2.3.38 and prior. The application allows improper authentication using the MD5 hash value of the password, which may allow an attacker with access to the database to login as admin without decrypting the password.

Learn more about our Web Application Penetration Testing UK.