WellinTech KingView < 6.53 (2012-10-09) User Credentials Not Securely Hashed

low Nessus Plugin ID 82665

Synopsis

The remote host is affected by a hashing weakness vulnerability.

Description

The remote host is running a version of WellinTech KingView prior to 6.53 (2012-10-09). It is, therefore, affected by a hashing weakness vulnerability due to the use of an insecure hashing algorithm. An attacker can exploit this weakness to trivially decrypt a file containing usernames and passwords.

Solution

Upgrade to WellinTech KingView version 6.53 (2012-10-09) or later.

See Also

http://www.nessus.org/u?a3d3b3e4

https://ics-cert.us-cert.gov/advisories/ICSA-12-283-02

Plugin Details

Severity: Low

ID: 82665

File Name: scada_kingview_6_53_2012-10-09.nbin

Version: 1.68

Type: local

Agent: windows

Family: SCADA

Published: 4/9/2015

Updated: 8/2/2022

Supported Sensors: Nessus Agent

Risk Information

VPR

Risk Factor: Medium

Score: 4.2

CVSS v2

Risk Factor: Low

Base Score: 2.1

Temporal Score: 1.6

Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N

Temporal Vector: E:U/RL:OF/RC:C

CVSS Score Source: CVE-2012-4899

Vulnerability Information

CPE: cpe:/a:wellintech:kingview

Required KB Items: installed_sw/WellinTech KingView

Exploit Ease: No known exploits are available

Patch Publication Date: 10/9/2012

Vulnerability Publication Date: 7/29/2012

Reference Information

CVE: CVE-2012-4899

BID: 54729

ICSA: 12-283-02