CVE-2023-6329

An authentication bypass vulnerability exists in Control iD iDSecure v4.7.32.0. The login routine used by iDS-Core.dll contains a "passwordCustom" option that allows an unauthenticated attacker to compute valid credentials that can be used to bypass authentication and act as an administrative use...

Control ID IDSecure SQL Injection Vulnerability

Control ID IDSecure is software from Control ID that controls access to personnel and vehicles in companies of all sizes. A security vulnerability exists in Control ID IDSecure version 4.7.26.0 and prior versions that stems from the presence of a SQL injection vulnerability. An attacker can explo...

Control ID IDSecure Trust Management Issue Vulnerability

Control ID IDSecure is software from Control ID that controls access to personnel and vehicles in companies of all sizes. A security vulnerability exists in Control ID IDSecure version 4.7.26.0 and prior versions, which stems from the use of a hard-coded key to sign and verify JWT session tokens,...

PT-2023-24319 · Control Id · Idsecure

Name of the Vulnerable Software and Affected Versions: Control ID IDSecure versions 4.7.26.0 and prior Description: An uncaught exception vulnerability exists, allowing attackers to cause the main web server of IDSecure to fault and crash, resulting in a denial of service. Recommendations: For...