CVE-2020-10552 in Psyprax

Summary

by MITRE • 02/06/2021

An issue was discovered in Psyprax before 3.2.2. The Firebird database is accessible with the default user sysdba and password masterke after installation. This allows any user to access it and read and modify the contents, including passwords. Local database files can be accessed directly as well.


Analysis

by VulDB Data Team • 02/24/2021

This vulnerability is a critical default-credential weakness in Psyprax versions before 3.2.2 that leaves the bundled Firebird database open to unauthorized access. The installer does not secure the database: after installation, Firebird still accepts the well-known administrative account sysdba with the password masterke. Any user with access to the system can therefore bypass authentication and obtain full administrative rights over the database, a risk that goes beyond reading data to complete compromise of the application's stored state. The weakness maps to CWE-798 (use of hard-coded credentials) and is a textbook case of an insecure default configuration that persists across installations. Because the database stores passwords and other sensitive system data, it is an attractive target for anyone seeking to escalate privileges or extract confidential information.

The operational impact is substantial: an attacker gains unrestricted access to the database and can read, modify, or delete its contents. The local database files can also be opened directly, so restricting network access to the Firebird service does not protect against a local attacker who can reach the files on disk. The result is an attack surface with both a remote and a local path, each leveraging the same default credentials to compromise the entire database. With administrative rights an attacker can alter database structures and stored procedures and reach any other component that relies on the database for authentication or configuration data. The passwords stored in the database additionally enable credential-reuse attacks and further compromise of interconnected services.

Mitigation should begin with changing the credentials of every default database account, removing or disabling default database installations that are not required, and putting access controls and monitoring in place. Beyond that, enforce strong password policies for database accounts, use network segmentation to restrict who can reach the database, and audit installations regularly for similar default-credential issues. Database activity monitoring and alerting should be configured to detect unauthorized access attempts and suspicious activity. In ATT&CK terms the vulnerability maps to T1078 (Valid Accounts) and T1005 (Data from Local System). Remediation includes updating to Psyprax 3.2.2 or later, where the default database credentials are secured and the installer performs proper authentication setup. Regular security assessments and penetration tests should confirm that similar default-configuration issues do not persist in other software components or system configurations.
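The two paragraphs above describe three distinct exposures: the sysdba account still accepting the shipped default password, the Firebird service being reachable over the network, and the database file itself being readable by other local users. The following audit script, an added example that is not code from Psyprax or VulDB, checks all three on a deployed installation. It assumes a `firebird.conf` in Firebird's `Key = Value` format (the `RemoteBindAddress` key is a real Firebird setting), a database file path to `stat()`, and, for the optional live credential check, the third-party `firebirdsql` driver; the sample configurations embedded below are constructed for illustration.

```python
"""Post-install hardening audit for a Firebird database bundled with a desktop
application. Constructed example; not code from Psyprax or VulDB.

The three checks mirror the three exposures the advisory describes:
  1. the .fdb file must not be readable or writable by other local users,
  2. the Firebird service should listen on the loopback interface only,
  3. the sysdba account must no longer accept the shipped default password.
"""
import os
import stat
from typing import Dict, List, Optional

DEFAULT_USER = "sysdba"
DEFAULT_PASSWORD = "masterke"  # default as reported in the advisory

# Constructed sample configurations (firebird.conf uses 'Key = Value' lines).
SAMPLE_CONF_INSECURE = """\
# firebird.conf - as shipped (constructed sample)
#RemoteBindAddress =
RemoteServicePort = 3050
"""
SAMPLE_CONF_HARDENED = """\
# firebird.conf - hardened (constructed sample)
RemoteBindAddress = 127.0.0.1   # loopback only
RemoteServicePort = 3050
"""


def check_file_mode(mode: int, label: str) -> List[str]:
    """Report a database file whose permission bits grant group/other access."""
    findings = []
    if mode & (stat.S_IRGRP | stat.S_IROTH):
        findings.append(f"{label}: readable by group/other ({stat.filemode(mode)})")
    if mode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append(f"{label}: writable by group/other ({stat.filemode(mode)})")
    return findings


def check_file_permissions(db_path: str) -> List[str]:
    """stat() the on-disk database file and apply check_file_mode to it."""
    return check_file_mode(os.stat(db_path).st_mode, db_path)


def parse_firebird_conf(text: str) -> Dict[str, str]:
    """Parse 'Key = Value' lines, dropping '#' comments, blanks and commented-out keys."""
    settings: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if "=" not in line:
            continue
        key, value = line.split("=", 1)
        settings[key.strip().lower()] = value.strip()
    return settings


def check_bind_address(conf_text: str) -> List[str]:
    """Flag a server bound to every interface (unset or wildcard RemoteBindAddress)."""
    bind = parse_firebird_conf(conf_text).get("remotebindaddress", "")
    if bind in ("", "0.0.0.0", "::"):
        return ["RemoteBindAddress unset or wildcard: service reachable from any interface"]
    return []


def default_password_accepted(host: str, database: str) -> Optional[bool]:
    """True if sysdba still logs in with the default password, False if rejected,
    None if the assumed third-party driver 'firebirdsql' is not installed."""
    try:
        import firebirdsql  # assumed: pip install firebirdsql
    except ImportError:
        return None
    try:
        conn = firebirdsql.connect(host=host, database=database,
                                   user=DEFAULT_USER, password=DEFAULT_PASSWORD)
        conn.close()
        return True
    except Exception:  # authentication failure or unreachable server
        return False


def audit(db_mode: int, conf_text: str, label: str = "psyprax.fdb") -> List[str]:
    """Combine the offline checks into one list of findings (empty means clean)."""
    return check_file_mode(db_mode, label) + check_bind_address(conf_text)


if __name__ == "__main__":
    for name, mode, conf in (("as shipped", 0o644, SAMPLE_CONF_INSECURE),
                             ("hardened", 0o600, SAMPLE_CONF_HARDENED)):
        findings = audit(mode, conf)
        print(f"[{name}] {len(findings)} finding(s)")
        for f in findings:
            print("  -", f)
```

Run it as-is to see the constructed "as shipped" profile produce two findings and the "hardened" profile none; on a real host call `check_file_permissions()` with the actual `.fdb` path, feed the real `firebird.conf` text to `check_bind_address()`, and run `default_password_accepted()` against the local service to confirm the password change took effect. Only the file-mode and configuration checks run offline; the credential check is deliberately separate so it can be scheduled as a recurring control after the post-update credential rotation.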

Reservation

03/13/2020

Disclosure

02/06/2021

Moderation

accepted

CPE

ready

EPSS

0.01073

KEV

no

Activities

very low

Sources
