Plaintext Password Storage in QMS Automotive Before V12.39
CVE-2022-43958 Published on November 8, 2022
A vulnerability has been identified in QMS Automotive (All versions < V12.39), QMS Automotive (All versions < V12.39). User credentials are stored in plaintext in the database without any hashing mechanism. This could allow an attacker to gain access to credentials and impersonate other users.
Weakness Type
Unprotected Storage of Credentials
Storing a password in plaintext may result in a system compromise. Password management issues occur when a password is stored in plaintext in an application's properties or configuration file. Storing a plaintext password in a configuration file allows anyone who can read the file access to the password-protected resource.
Products Associated with CVE-2022-43958
You can be notified by email with stack.watch whenever vulnerabilities like CVE-2022-43958 are published in Siemens Qms Automotive:
Affected Versions
Siemens QMS Automotive:- Version All versions < V12.39 is affected.
- Version All versions < V12.39 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.