CVE-2023-39420
CVSS V2 None
CVSS V3 None
Description
The RDPCore.dll component, as used in the IRM Next Generation booking engine, allows a remote user to connect to customers with an "admin" account and a corresponding password computed daily by a routine inside the DLL file. Once reverse-engineered, this routine can help an attacker generate the daily password and connect to application customers. Given that this is an administrative account, anyone logging into a customer deployment has full, unrestricted access to the application.
Overview
- CVE ID: CVE-2023-39420
- Assigner: Bitdefender
- Vulnerability Status: PUBLISHED
- Published Version: 2023-09-07T12:17:09.872Z
- Last Modified Date: 2023-09-07T12:17:09.872Z
Weakness Enumerations
References
Reference URL | Reference Tags |
---|---|
https://bitdefender.com/blog/labs/check-out-with-extra-charges-vulnerabilities-in-hotel-booking-engine-explained/ |
Sources
Source Name | Source URL |
---|---|
NIST | https://nvd.nist.gov/vuln/detail/CVE-2023-39420 |
MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39420 |
History
Created | Old Value | New Value | Data Type | Notes |
---|---|---|---|---|
2024-06-25 19:19:46 | | | | Added to TrackCVE |