Weak password encoding in STER_CVE-2026-25607

5.7 / 10

MEDIUM

CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Description

Use of a weak password encoding algorithm in STER software allows the value of the password to be guessed after analyzing how passwords with known values are encoded.

This issue was fixed in version 9.5.

Basic Information

ID CVE-2026-25607

Source CERT-PL

Published May 22, 2026 at 09:14

Affected Product

Vendor Centralny Instytut Ochrony Pracy - Państwowy Instytut Badawczy

Product STER

Affected Versions Centralny Instytut Ochrony Pracy - Państwowy Instytut Badawczy STER 0

CWE Classification

CWE-261

References

{
    "lastseen": "",
    "description": "Use of a weak password encoding algorithm in STER software allows the value of the password to be guessed after analyzing how passwords with known values are encoded.\n\nThis issue was fixed in version 9.5.",
    "published": "2026-05-22T09:14:47.530Z",
    "modified": "2026-05-22T09:14:47.530Z",
    "type": "cve",
    "title": "Weak password encoding in STER",
    "source": "CERT-PL",
    "references": "https://cert.pl/posts/2026/05/CVE-2026-25606\nhttps://www.ciop.pl/CIOPPortalWAR/appmanager/ciop/pl?_nfpb=true&_pageLabel=P52000165211572544981480",
    "id": "CVE-2026-25607",
    "bulletinFamily": "",
    "cwe": [
        "CWE-261"
    ],
    "cvelist": null,
    "sourceData": "Centralny Instytut Ochrony Pracy - Pa\u0144stwowy Instytut Badawczy STER 0",
    "sourceHref": "",
    "cvss": {
        "score": 5.7,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "STER",
    "version": "0",
    "vendor": "Centralny Instytut Ochrony Pracy - Pa\u0144stwowy Instytut Badawczy",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}