Home / Early Warning / Security Advisories / Integria IMS incorrect authorization

Integria IMS incorrect authorization

Publication date: 
3 - Media
Affected resources: 

Integria IMS version 5.0.92.


INCIBE has coordinated the publication of a vulnerability in Integria IMS, with the internal code INCIBE-2021-0405, which has been discovered by @nag0mez (special mention to @_Barriuso).

CVE-2021-3833 has been assigned to this vulnerability. A CVSS v3.1 base score of 6.5 has been calculated; the CVSS vector string is AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N.


This vulnerability has been solved in Integria IMS 5.0 93.


Integria IMS login check uses a loose comparator ("==") to compare the MD5 hash of the password provided by the user and the MD5 hash stored in the database.

An attacker with a specific formatted password could exploit this vulnerability in order to login in the system with different passwords.

This vulnerability has been solved in Integria IMS 5.0 93.

CWE-863: Incorrect Authorization.


08/04/2021 - Researchers discovery.
09/04/2021 - Researchers contact with INCIBE.
20/05/2021 - Integria IMS confirms that the fix version and the release software patch have been published (Security Patch).
06/10/2021 - The advisory is published by INCIBE.

If you have any information regarding this advisory, please contact INCIBE as indicated in the CVE Assignment and publication section.

Encuesta valoración