CVE-2010-2011

2010-05-2120:00:00

mitre

www.cve.org

microsoft dynamics gp

encryption vulnerability

substitution cipher

sensitive information

remote authenticated users

AI Score

Confidence

Low

EPSS

0.001

Percentile

42.3%

JSON

Microsoft Dynamics GP uses a substitution cipher to encrypt the system password field and unspecified other fields, which makes it easier for remote authenticated users to obtain sensitive information by decrypting a field’s contents.

References

blogs.msdn.com/developingfordynamicsgp/archive/2008/10/02/why-does-microsoft-dynamics-gp-encrypt-passwords.aspx

slashdot.org/story/10/05/21/1437227

www.christopherkois.com/?p=448