RVD#63: Weak cryptography

[aliasbot]

id: 63
title: 'RVD#63: Weak cryptography'
type: vulnerability
description: "An attacker with read-only file system access can tamper with the UAS\
  \ configuration, changing the privileges of existing accounts and changing or retrieving\
  \ all of the users\u2019 passwords  Acknowledgement: Davide Quarta, Marcello Pogliani,\
  \ Mario Polino, Federico Maggi, Andrea M. Zanchettin, Stefano Zanero"
cwe: CWE-Inadequate Encryption Strength (CWE-326)
cve: None
keywords:
- components hardware
- 'robot component: IRB140''s main computer'
- 'severity: critical'
- 'state: new'
- 'vendor: ABB'
- vulnerability
system: IRB140's main computer
vendor: ABB
severity:
  rvss-score: None
  rvss-vector: RVSS:1.0/AV:RN/AC:L/PR:N/UI:N/Y:T/S:U/C:H/I:L/A:N/H:N
  severity-description: ''
  cvss-score: 0
  cvss-vector: ''
links:
- https://github.com/aliasrobotics/RVD/issues/63
flaw:
  phase: unknown
  specificity: N/A
  architectural-location: N/A
  application: N/A
  subsystem: N/A
  package: N/A
  languages: None
  date-detected: '2017-05-03'
  detected-by: ''
  detected-by-method: N/A
  date-reported: '2017-05-03'
  reported-by: ''
  reported-by-relationship: N/A
  issue: https://github.com/aliasrobotics/RVD/issues/63
  reproducibility: ''
  trace: null
  reproduction: ''
  reproduction-image: ''
exploitation:
  description: ''
  exploitation-image: ''
  exploitation-vector: ''
  exploitation-recipe: ''
mitigation:
  description: ''
  pull-request: ''
  date-mitigation: null

[github-actions[bot]]

Feedback (automatically generated):

• FIXME: Flaw not identified as a vulnerability, weakness or exposure. Have you included # Vulnerability (or Weakness or Exposure) report at the top of the ticket?, see for more information or review other tickets to get inspiration

Please review the feedback above. Once addressed, either request the removal of the malformed label to trigger another automatic review.