Weak Password Hash in Core Privileged Access Manager (BoKS)

6.2 / 10

MEDIUM

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Description

Insecure defaults in the Server Agent component of Fortra's Core Privileged Access Manager (BoKS) can result in the selection of weak password hash algorithms. This issue affects BoKS Server Agent 9.0 instances that support yescrypt and are running in a BoKS 8.1 domain.

Basic Information

ID CVE-2025-13532

Source Fortra

Published Dec 16, 2025 at 20:01

Modified Dec 16, 2025 at 20:23

Affected Product

Vendor Fortra

Product Core Privileged Access Manager (BoKS)

Version This issue affects BoKS Server Agent 9.0 instances that support yescrypt and are running in a BoKS 8.1 domain. The affected platforms are: Debian 11, 12, 13, RedHat 9, 10 and Ubuntu 24.

Affected Versions Fortra Core Privileged Access Manager (BoKS) This issue affects BoKS Server Agent 9.0 instances that support yescrypt and are running in a BoKS 8.1 domain. The affected platforms are: Debian 11, 12, 13, RedHat 9, 10 and Ubuntu 24.

CWE Classification

CWE-916

References

www.fortra.com /security/advisories/product-security/fi-2025-014

{
    "lastseen": "",
    "description": "Insecure defaults in the Server Agent component of Fortra's Core Privileged Access Manager (BoKS) can result in the selection of weak password hash algorithms. \u00a0This issue affects BoKS Server Agent 9.0 instances that support yescrypt and are running in a BoKS 8.1 domain.",
    "published": "2025-12-16T20:01:02.743Z",
    "modified": "2025-12-16T20:23:51.768Z",
    "type": "cve",
    "title": "Weak Password Hash in Core Privileged Access Manager (BoKS)",
    "source": "Fortra",
    "references": "https://www.fortra.com/security/advisories/product-security/fi-2025-014",
    "id": "CVE-2025-13532",
    "bulletinFamily": "",
    "cwe": [
        "CWE-916"
    ],
    "cvelist": null,
    "sourceData": "Fortra Core Privileged Access Manager (BoKS) This issue affects BoKS Server Agent 9.0 instances that support yescrypt and are running in a BoKS 8.1 domain. The affected platforms are: Debian 11, 12, 13, RedHat 9, 10 and Ubuntu 24.",
    "sourceHref": "",
    "cvss": {
        "score": 6.2,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Core Privileged Access Manager (BoKS)",
    "version": "This issue affects BoKS Server Agent 9.0 instances that support yescrypt and are running in a BoKS 8.1 domain. The affected platforms are: Debian 11, 12, 13, RedHat 9, 10 and Ubuntu 24.",
    "vendor": "Fortra",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Weak Password Hash in Core Privileged Access Manager (BoKS)_CVE-2025-13532