Asseco InfoMedica Plus Password Decoding Vulnerability

Vulnerability

A vulnerability exists in Asseco InfoMedica Plus versions from 4.0.0 up to but not including 4.50.1, and from 5.0.0 up to but not including 5.38.0, that allows encoded passwords stored in the database to be decoded using a client-side algorithm. The issue arises because passwords are stored in a recoverable format and access control is insufficient, so low-privileged users can read the encoded passwords of other accounts, including the main administrator. Exploiting this vulnerability could lead to unauthorized privilege escalation.

Impact

Exploitation of this vulnerability allows for the decoding of encoded passwords, which could then be used to gain unauthorized access to user accounts, including administrative privileges.

Remediation

Users can upgrade to Asseco InfoMedica Plus versions 4.50.1 or 5.38.0 to address this vulnerability.
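
The following inventory check is an added example, not part of the original advisory or the vendor's tooling. It flags installations that fall inside the affected ranges stated above and names the fixed release for that branch. The host names, the sample versions and the assumption that the product reports dotted numeric version strings are constructed for illustration.

```python
import re

# Affected ranges from the advisory, as (first affected, first fixed).
AFFECTED_RANGES = [
    ((4, 0, 0), (4, 50, 1)),
    ((5, 0, 0), (5, 38, 0)),
]
_VERSION_RE = re.compile(r"^\s*(\d+)\.(\d+)(?:\.(\d+))?")

def parse_version(text):
    """Return (major, minor, patch), or None if text is not a version."""
    m = _VERSION_RE.match(text or "")
    if not m:
        return None
    # A missing patch component counts as 0; build suffixes are ignored.
    return tuple(int(g) if g is not None else 0 for g in m.groups())

def assess(version_text):
    """Classify one version string as (status, upgrade target or None)."""
    v = parse_version(version_text)
    if v is None:
        return ("unknown", None)       # unparseable: needs manual review
    for first_affected, first_fixed in AFFECTED_RANGES:
        if first_affected <= v < first_fixed:
            return ("affected", ".".join(map(str, first_fixed)))
    return ("not_listed", None)        # outside the advisory's ranges

def triage(inventory):
    """Map {host: version string} to the rows that need action."""
    findings = []
    for host, version_text in sorted(inventory.items()):
        status, target = assess(version_text)
        if status != "not_listed":
            findings.append((host, version_text, status, target))
    return findings

# Constructed sample inventory (hypothetical hosts and versions).
SAMPLE_INVENTORY = {
    "his-app-01": "4.49.7", "his-app-02": "4.50.1",
    "his-app-03": "5.37.12", "his-app-04": "5.38.0",
    "his-app-05": "n/a",
}

if __name__ == "__main__":
    for row in triage(SAMPLE_INVENTORY):
        print(row)
```

Rows with status "unknown" are reported rather than dropped, so an installation whose version could not be read is not silently treated as patched.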

Added: Jan 8, 2026, 2:22 PM
Updated: Jan 8, 2026, 6:49 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 5.0
exploitability: 5.2
remediation: 7.7
relevance: 1.9
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.