CVE-2022-41399

The optional Web Screens feature for Sage 300 through version 2022 uses a hard-coded 40-byte blowfish key "PASSKEY" to encrypt and decrypt the database connection string for the PORTAL database found in the "dbconfig.xml". This issue could allow attackers to obtain access to the SQL database...

CVE-2022-41399

The optional Web Screens feature for Sage 300 through version 2022 uses a hard-coded 40-byte blowfish key "PASSKEY" to encrypt and decrypt the database connection string for the PORTAL database found in the "dbconfig.xml". This issue could allow attackers to obtain access to the SQL database...

PT-2023-13979 · Sage · Sage 300

Name of the Vulnerable Software and Affected Versions: Sage 300 versions through 2022 Description: The optional Web Screens feature uses a hard-coded 40-byte blowfish key PASS KEY to encrypt and decrypt the database connection string for the PORTAL database found in the "dbconfig.xml". This issue...

Encrypt Database Password in dbconfig.xml or use integrated authentication

panel:title=Atlassian Update – 5 January 2016|borderStyle=solid|borderColor=ebf2f9 | titleBGColor=ebf2f9 | bgColor=ffffff Hi everyone, Thanks for voting and commenting on this issue. While we understand the importance of this issue for our customers with strict password encryption requirements, w...

Encrypt Database Password in dbconfig.xml or use integrated authentication

panel:bgColor=e7f4fa NOTE: This suggestion is for JIRA Server. Using JIRA Cloud? See the corresponding suggestion|http://jira.atlassian.com/browse/JRACLOUD-31004. panel JIRA should Encrypt the database password since it's in plain text in the dbconfig.xml file or it could use the integrated...