CVE-2020-10375: Weak Encryption
First published: Fri Feb 05 2021(Updated: )
An issue was discovered in New Media Smarty before 9.10. Passwords are stored in the database in an obfuscated format that can be easily reversed. The file data.mdb contains these obfuscated passwords in the second column. NOTE: this is unrelated to the popular Smarty template engine product.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Smarty | <9.10 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2020-10375?
CVE-2020-10375 is considered a moderate severity vulnerability due to the risk associated with obfuscated passwords being reversibly stored in the database.
How do I fix CVE-2020-10375?
To mitigate CVE-2020-10375, upgrade to New Media Smarty version 9.10 or later, where this issue has been addressed.
What impact does CVE-2020-10375 have on user data?
CVE-2020-10375 can lead to unauthorized access to user accounts as attackers can reverse the obfuscation to retrieve plaintext passwords.
Which versions of New Media Smarty are affected by CVE-2020-10375?
CVE-2020-10375 affects all versions of New Media Smarty prior to 9.10.
Is CVE-2020-10375 related to the Smarty template engine?
No, CVE-2020-10375 is unrelated to the popular Smarty template engine product.
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/author
- agent/weakness
- agent/last-modified-date
- agent/first-publish-date
- agent/description
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/newmediacompany
- canonical/smarty