CVE-2020-10375 : What You Need to Know

An issue was discovered in New Media Smarty before 9.10 where passwords are stored in the database in an obfuscated format that can be easily reversed. The file data.mdb contains these obfuscated passwords in the second column. This is unrelated to the popular Smarty template engine product.

Understanding CVE-2020-10375

This CVE involves a vulnerability in New Media Smarty that allows for the reversal of obfuscated passwords stored in the database.

What is CVE-2020-10375?

CVE-2020-10375 is a security flaw in New Media Smarty versions prior to 9.10, enabling the retrieval of obfuscated passwords from the database.

The Impact of CVE-2020-10375

The vulnerability could lead to unauthorized access to sensitive information, posing a risk to the confidentiality of user passwords.

Technical Details of CVE-2020-10375

This section provides more in-depth technical insights into the CVE.

Vulnerability Description

The issue lies in the insecure storage of passwords in an easily reversible obfuscated format within the database.

Affected Systems and Versions

Product: New Media Smarty
Vendor: Not specified
Versions affected: All versions before 9.10

Exploitation Mechanism

Attackers can exploit this vulnerability by accessing the data.mdb file to retrieve obfuscated passwords stored in the second column.

Mitigation and Prevention

Protecting systems from CVE-2020-10375 requires immediate actions and long-term security measures.

Immediate Steps to Take

Upgrade to New Media Smarty version 9.10 or above to mitigate the vulnerability.
Change all passwords stored in the database to a secure and non-reversible format.

Long-Term Security Practices

Implement strong password policies and encryption methods for storing sensitive data.
Regularly audit and monitor database access to detect any unauthorized retrieval of passwords.

Patching and Updates

Stay informed about security patches and updates released by New Media Smarty to address vulnerabilities like CVE-2020-10375.