CVE-2026-25607
Weak Password Encoding in STER Software
Publication date: 2026-05-22
Last updated on: 2026-05-22
Assigner: CERT.PL
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| ster | software | 9.5 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-261 | Obscuring a password with a trivial encoding does not protect the password. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability involves the use of a weak password encoding algorithm in STER software. Because of this weak encoding, an attacker can analyze how passwords with known values are encoded and then guess the value of other passwords.
The issue was addressed and fixed in version 9.5 of the software.
How can this vulnerability impact me?
The vulnerability allows an attacker with some knowledge of encoded passwords to guess other users' passwords due to the weak encoding algorithm. This can lead to unauthorized access or compromise of user accounts within the STER software.
What immediate steps should I take to mitigate this vulnerability?
The vulnerability is fixed in version 9.5 of the STER software.
To mitigate this vulnerability, you should upgrade the STER software to version 9.5 or later.