CVE-2020-3935 : What You Need to Know

Learn about CVE-2020-3935 affecting TAIWAN SECOM CO., LTD. systems. Discover the impact, affected versions, and mitigation steps for this Sensitive Information Exposure vulnerability.

A Sensitive Information Exposure vulnerability affects the Door Access Control and Personnel Attendance Management systems from TAIWAN SECOM CO., LTD.

Understanding CVE-2020-3935

This CVE involves the exposure of users' information due to storing passwords in cleartext in cookies.

What is CVE-2020-3935?

TAIWAN SECOM CO., LTD. systems store sensitive user data insecurely, allowing attackers to access passwords.

The Impact of CVE-2020-3935

The vulnerability has a CVSS base score of 7.5, indicating a high severity level with a significant impact on confidentiality.

Technical Details of CVE-2020-3935

This section provides detailed technical information about the vulnerability.

Vulnerability Description

The vulnerability involves storing user passwords in cleartext within cookies, making them easily accessible to attackers.

Affected Systems and Versions

        Door Access Control system version 3.3.2 and below
        Personnel Attendance system version 3.3.0.3_20160517 and below

Exploitation Mechanism

Because the passwords are stored in the cookies in cleartext, an attacker who intercepts or otherwise reads those cookies obtains the passwords directly.

Mitigation and Prevention

To address CVE-2020-3935, immediate actions and long-term security practices are recommended.

Immediate Steps to Take

        Update Door Access Control system to version 3.5.4
        Update Personnel Attendance system to version 3.4.0.0.3.05_20191112

Long-Term Security Practices

        Implement encryption for sensitive data storage
        Regularly audit and update security protocols
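One way to check, after updating, that login responses no longer place the password in a cookie. This is an added example, not vendor code or code from this page. The cookie names, sample headers, test password and function names are all constructed for illustration.

```python
import base64
from http.cookies import SimpleCookie
from urllib.parse import unquote


def _decodings(value):
    """Yield the raw cookie value plus its URL-decoded and base64-decoded forms."""
    yield value
    yield unquote(value)
    try:
        padded = value + "=" * (-len(value) % 4)
        yield base64.b64decode(padded, validate=True).decode("utf-8", "ignore")
    except ValueError:
        pass  # value is not base64; nothing further to check


def audit_set_cookie(headers, test_password):
    """Return (cookie_name, finding) pairs for a list of Set-Cookie header values."""
    findings = []
    for header in headers:
        jar = SimpleCookie()
        jar.load(header)
        for name, morsel in jar.items():
            # The flaw described above: the password itself travels in the cookie.
            if any(test_password in d for d in _decodings(morsel.value)):
                findings.append((name, "password recoverable from cookie value"))
            # Missing flags make any cookie easier to read in transit or from script.
            if not morsel["secure"]:
                findings.append((name, "missing Secure attribute"))
            if not morsel["httponly"]:
                findings.append((name, "missing HttpOnly attribute"))
    return findings


# Constructed sample data (hypothetical cookie names, not taken from the product).
SAMPLE_PASSWORD = "S3cret!Pass"  # password of a dedicated test account
VULNERABLE = ["user=alice; Path=/", "pwd=S3cret%21Pass; Path=/"]
PATCHED = ["session=9f2c1e7ab04d4c55; Path=/; Secure; HttpOnly; SameSite=Strict"]

if __name__ == "__main__":
    for name, finding in audit_set_cookie(VULNERABLE, SAMPLE_PASSWORD):
        print(f"{name}: {finding}")
```

Run it against the Set-Cookie headers captured from a login with a dedicated test account; an empty result means no cookie exposed that account's password in raw, URL-encoded or base64 form.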

Patching and Updates

Ensure all systems are regularly updated with the latest security patches to prevent vulnerabilities like CVE-2020-3935.
