Home

Description

Storing Passwords in a Recoverable Format vulnerability in Automated Logic WebCTRL on Windows, Carrier i-Vu on Windows. Storing Passwords in a Recoverable Format vulnerability (CWE-257) in the Web session management component allows an attacker to access stored passwords in a recoverable format which makes them subject to password reuse attacks by malicious users.This issue affects WebCTRL: from 6.0 through 9.0; i-Vu: from 6.0 through 9.0.

PUBLISHED Reserved 2025-12-08 | Published 2026-01-22 | Updated 2026-01-22 | Assigner Carrier




HIGH: 7.0CVSS:4.0/AV:L/AC:H/AT:P/PR:N/UI:N/VC:H/VI:L/VA:N/SC:H/SI:N/SA:N

Problem types

CWE-257: Storing Passwords in a Recoverable Format

Product status

Default status
unaffected

6.0 (custom)
affected

Default status
unaffected

6.0 (custom)
affected

Credits

Matthew Gregory (Verizon Network Security Red Team) reporter

Jeffery Jackson (Verizon Network Security Red Team) reporter

References

www.corporate.carrier.com/...-security/advisories-resources/

cve.org (CVE-2025-14295)

nvd.nist.gov (CVE-2025-14295)

Download JSON