CVE-2020-11720

Published: Dec 23, 2020Modified: Nov 21, 2024

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

An issue was discovered in Programi Bilanc build 007 release 014 31.01.2020 and possibly below. During the installation, it sets up administrative access by default with the account admin and password 0000. After the installation, users/admins are not prompted to change this password.

Affected (1)

Products: Bilanc: Bilanc

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Bilanc Bilanc	Up to 014_31.01.2020

Related CWEs

Use of Hard-coded Credentials

The product contains hard-coded credentials, such as a password or cryptographic key.

References (4)

http://packetstormsecurity.com/files/160623/Programi-Bilanc-Build-007-Release-014-31.01.2020-Weak-Default-Password.html

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

http://seclists.org/fulldisclosure/2020/Dec/34

Source: cve@mitre.org

Mailing ListThird Party Advisory

http://packetstormsecurity.com/files/160623/Programi-Bilanc-Build-007-Release-014-31.01.2020-Weak-Default-Password.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

http://seclists.org/fulldisclosure/2020/Dec/34

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

Timeline

No history available yet.