CVE-2026-25607: CWE-261 Weak Encoding for Password in Centralny Instytut Ochrony Pracy - Państwowy Instytut Badawczy STER
Use of a weak password encoding algorithm in STER software allows the value of the password to be guessed after analyzing how passwords with known values are encoded. This issue was fixed in version 9.5.
AI Analysis
Technical Summary
The STER software used a weak password encoding algorithm, classified under CWE-261 (Weak Encoding for Password). This flaw enables attackers to deduce passwords by studying the encoding patterns of known passwords. The vulnerability affects versions prior to 9.5, and the vendor addressed the issue by fixing it in version 9.5. The CVSS 4.0 vector indicates the attack requires local access with high attack complexity and low privileges, and no user interaction is needed. There is no indication of known exploits in the wild. The vendor has not provided explicit remediation level details beyond the version fix.
Potential Impact
An attacker with local access and low privileges could potentially guess user passwords due to the weak encoding algorithm, compromising password confidentiality. This could lead to unauthorized access if passwords are reused or if the attacker escalates privileges. However, the attack complexity is high, and no remote exploitation or user interaction is required. No known exploits are reported in the wild.
Mitigation Recommendations
Upgrade the STER software to version 9.5 or later, where the weak password encoding vulnerability has been fixed. Since the vendor advisory confirms the issue is resolved in this version, applying this update is the recommended remediation. Patch status beyond this version is not explicitly stated, so verify with the vendor for any additional updates or guidance.
CVE-2026-25607: CWE-261 Weak Encoding for Password in Centralny Instytut Ochrony Pracy - Państwowy Instytut Badawczy STER
Description
Use of a weak password encoding algorithm in STER software allows the value of the password to be guessed after analyzing how passwords with known values are encoded. This issue was fixed in version 9.5.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
The STER software used a weak password encoding algorithm, classified under CWE-261 (Weak Encoding for Password). This flaw enables attackers to deduce passwords by studying the encoding patterns of known passwords. The vulnerability affects versions prior to 9.5, and the vendor addressed the issue by fixing it in version 9.5. The CVSS 4.0 vector indicates the attack requires local access with high attack complexity and low privileges, and no user interaction is needed. There is no indication of known exploits in the wild. The vendor has not provided explicit remediation level details beyond the version fix.
Potential Impact
An attacker with local access and low privileges could potentially guess user passwords due to the weak encoding algorithm, compromising password confidentiality. This could lead to unauthorized access if passwords are reused or if the attacker escalates privileges. However, the attack complexity is high, and no remote exploitation or user interaction is required. No known exploits are reported in the wild.
Mitigation Recommendations
Upgrade the STER software to version 9.5 or later, where the weak password encoding vulnerability has been fixed. Since the vendor advisory confirms the issue is resolved in this version, applying this update is the recommended remediation. Patch status beyond this version is not explicitly stated, so verify with the vendor for any additional updates or guidance.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- CERT-PL
- Date Reserved
- 2026-02-03T13:12:14.139Z
- Cvss Version
- 4.0
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 6a102913e1370fbb48de9db5
Added to database: 5/22/2026, 9:59:47 AM
Last enriched: 5/22/2026, 10:14:52 AM
Last updated: 5/23/2026, 6:21:12 PM
Views: 18
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.