RPMS Vulnerability?

[Kimball Bighorse]

Hi Sam Habiel and others,

Please consider this potential vulnerability in RPMS:

https://gist.github.com/kbighorse/fb24c9773d8cc0d4bb6e654b2ba58d3c

Once it's properly validated, we will submit to HHS for remediation.

cheers,

Kimball Bighorse

Lakeraven, LLC

[Kekoa]

This video accurately represents my surprise.

[Sam Habiel]

Looks like a minor issue to me. Somebody encrypting their password before saving on disk. AI classified this as "LOW" severity.

--Sam

--
--
http://groups.google.com/group/Hardhats
To unsubscribe, send email to Hardhats+u...@googlegroups.com

---
You received this message because you are subscribed to the Google Groups "Hardhats" group.
To unsubscribe from this group and stop receiving emails from it, send an email to hardhats+u...@googlegroups.com.
To view this discussion visit https://groups.google.com/d/msgid/hardhats/5b1729be-5696-4b06-a4f2-eaaa366f915en%40googlegroups.com.

[Kimball Bighorse]

I’d say impact is high but likelihood is low-medium, so low-medium severity would make sense.

Here’s one way we’re considering framing it:

“The vulnerability effectively makes database credentials available to anyone with administrative access to the RPMS application infrastructure.”

Kimball

You received this message because you are subscribed to a topic in the Google Groups "Hardhats" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/hardhats/v4eS0NAEnWs/unsubscribe.
To unsubscribe from this group and all its topics, send an email to hardhats+u...@googlegroups.com.
To view this discussion visit https://groups.google.com/d/msgid/hardhats/CABHT961wm3_a39mVjxciB-XUwuYh%3DO2qanySOHcn%3DoJpd0ewpw%40mail.gmail.com.