SicommNet BASEC Insecure Password Storage Vulnerability

Vulnerability

A vulnerability allowing insufficiently protected credentials has been identified in SicommNet BASEC on SaaS. This issue arises from passwords being stored in plain text or using reversible encryption, which enables an attacker with sufficient privileges to easily extract the original passwords. The vulnerability affects SicommNet BASEC versions released from December 14, 2021, onwards.

Impact

Exploitation of this vulnerability could lead to unauthorized password recovery, allowing attackers to gain access to user accounts.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

6.1

remediation

0.0

relevance

0.0

threat

6.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

6.1

remediation

0.0

relevance

0.0

threat

6.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

SicommNet BASEC Insecure Password Storage Vulnerability

Vulnerability

Impact

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating