Learn about CVE-2022-21800 affecting Airspan Networks MMP, PTP C-series, and PTMP C-series, how attackers could exploit the vulnerability, and steps to prevent password compromise.
Airspan Networks Mimosa Use of a Broken or Risky Cryptographic Algorithm
Understanding CVE-2022-21800
This CVE identifies vulnerabilities in multiple products of Airspan Networks, including MMP, PTP C-series, and PTMP C-series and A5x.
What is CVE-2022-21800?
The affected versions of these products use the MD5 algorithm to hash passwords without salting, making it possible for attackers to crack hashed passwords.
The Impact of CVE-2022-21800
The vulnerability poses a medium-severity risk with high confidentiality impact, potentially allowing attackers to compromise passwords.
Technical Details of CVE-2022-21800
Vulnerability Description
Airspan Networks devices store passwords hashed with MD5 algorithm without salting, exposing them to potential cracking by malicious actors.
Affected Systems and Versions
Exploitation Mechanism
Attackers can exploit this vulnerability by leveraging the weak hashing mechanism to extract stored passwords.
Mitigation and Prevention
Immediate Steps to Take
Airspan Networks recommends users to update to the following versions:
Long-Term Security Practices
Ensure passwords are securely hashed and implement additional security measures to protect against password cracking attempts.
Patching and Updates
Regularly update Airspan Networks products to the latest recommended versions to mitigate the vulnerability.