The optional Web Screens and Global Search features for Sage 300 through version 2022 use a hard-coded 40-byte blowfish key ("LandlordPassKey") to encrypt and decrypt secrets stored in configuration files and in database tables.
References
Link | Resource |
---|---|
https://www.sage.com/en-ca/products/sage-300/ | Product |
https://www.sage.com/en-ca/products/sage-300/ | Product |
Configurations
History
21 Nov 2024, 07:23
Type | Values Removed | Values Added |
---|---|---|
References | () https://www.sage.com/en-ca/products/sage-300/ - Product |
Information
Published : 2023-04-28 13:15
Updated : 2024-11-21 07:23
NVD link : CVE-2022-41397
Mitre link : CVE-2022-41397
CVE.ORG link : CVE-2022-41397
JSON object : View
Products Affected
sage
- sage_300
CWE
CWE-798
Use of Hard-coded Credentials