Psyprax: >> Psyprax Security Vulnerabilities
An issue was discovered in Psyprax before 3.2.2. The Firebird database is accessible with the default user sysdba and password masterke after installation. This allows any user to access it and read and modify the contents, including passwords. Local database files can be accessed directly as well.
CVSS Score
8.1
EPSS Score
0.003
Published
2021-02-05
An issue was discovered in Psyprax before 3.2.2. The file %PROGRAMDATA%\Psyprax32\PPScreen.ini contains a hash for the lockscreen (aka screensaver) of the application. If that entry is removed, the lockscreen is no longer displayed and the app is no longer locked. All local users are able to modify that file.
CVSS Score
5.5
EPSS Score
0.0
Published
2021-02-05
An issue was discovered in Psyprax beforee 3.2.2. Passwords used to encrypt the data are stored in the database in an obfuscated format, which can be easily reverted. For example, the password AAAAAAAA is stored in the database as MMMMMMMM.
CVSS Score
7.5
EPSS Score
0.001
Published
2021-02-05