CVE-2020-10552
📋 TL;DR
This vulnerability allows any user to access the Psyprax Firebird database with default credentials (sysdba/masterke), enabling unauthorized reading and modification of all data including passwords. It affects Psyprax installations before version 3.2.2 where the database hasn't been properly secured.
💻 Affected Systems
- Psyprax
📦 What is this software?
Psyprax by Psyprax
⚠️ Risk & Real-World Impact
Worst Case
Complete compromise of the Psyprax system with attackers stealing all sensitive data, modifying records, and potentially using stolen credentials to access other systems.
Likely Case
Unauthorized access to sensitive patient/medical data, password theft, and data manipulation by local users or attackers who gain initial access.
If Mitigated
Limited impact if proper access controls, credential rotation, and network segmentation are implemented.
🎯 Exploit Status
Exploitation requires local access or ability to access database files. Credentials are well-known defaults.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 3.2.2
Vendor Advisory: https://www.x41-dsec.de/lab/advisories/x41-2020-002-psyprax
Restart Required: Yes
Instructions:
1. Upgrade Psyprax to version 3.2.2 or later.
2. Restart the Psyprax service.
3. Verify the Firebird database is no longer accessible with default credentials.
🔧 Temporary Workarounds
Change Firebird Database Credentials
Platform: all
Manually change the default sysdba password from 'masterke' to a strong, unique password:
gsec -user sysdba -password masterke -modify sysdba -pw <new_strong_password>
Restrict Database File Access
Platform: Linux
Set strict file permissions on the Firebird database files so that only the service account can read them:
chmod 600 /path/to/psyprax.fdb
chown psyprax:psyprax /path/to/psyprax.fdb
🧯 If You Can't Patch
- Immediately change the Firebird sysdba password from the default 'masterke' to a strong, unique password
- Implement strict access controls and file permissions on database files, restricting access to only necessary service accounts
🔍 How to Verify
Check if Vulnerable:
Attempt to connect to the Firebird database with the default credentials:
isql -user sysdba -password masterke localhost:/path/to/psyprax.fdb
If the connection succeeds, the system is vulnerable.
Check Version:
Check Psyprax version in application interface or configuration files
Verify Fix Applied:
Attempt the same connection with default credentials - it should fail. Verify Psyprax version is 3.2.2 or later.
📡 Detection & Monitoring
Log Indicators:
- Failed authentication attempts to Firebird database
- Unexpected database connections from unauthorized users
Network Indicators:
- Unexpected connections to Firebird database port (default 3050)
- Database access from unauthorized IPs
SIEM Query:
source="firebird.log" AND (event="authentication failure" OR (event="connection from" AND NOT user="authorized_user"))
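The log and network indicators above can be turned into a small offline check. The script below is an added example, not part of the advisory or of Psyprax; it scans constructed, simplified log lines (the real firebird.log layout differs and the regular expression would have to be adapted) and raises an alert for every failed authentication, for every connection by a user outside an assumed allow-list of service accounts, and for every connection from a source address outside an assumed allow-list of application servers. Repeated SYSDBA failures from one source are summarised separately, because that pattern is what a probe for the well-known default password looks like. The account name PSYPRAX_APP, the addresses, and the log format are all assumptions.

```python
"""Scan simplified Firebird-style log lines for the indicators listed
in the advisory.  Example code, not from the advisory or from Psyprax.
The log format parsed here is CONSTRUCTED for illustration only."""
from __future__ import annotations

import re
from collections import Counter
from dataclasses import dataclass
from typing import Iterable

# Assumptions: the application's own service account and the hosts it runs on.
AUTHORIZED_USERS = {"PSYPRAX_APP"}
ALLOWED_SOURCES = {"127.0.0.1", "10.0.0.5"}

# Constructed line layout: "<timestamp> <event> user=<name> from=<ipv4>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<event>authentication failure|connection from)\s+"
    r"user=(?P<user>\S+)\s+from=(?P<src>\d{1,3}(?:\.\d{1,3}){3})$"
)


@dataclass
class Alert:
    ts: str
    reason: str
    user: str
    src: str
    severity: str


def scan(lines: Iterable[str]) -> list[Alert]:
    """Return one Alert per indicator line; unrelated lines are ignored."""
    alerts: list[Alert] = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not an auth/connection event in the constructed format
        ts, event = m["ts"], m["event"]
        user, src = m["user"].upper(), m["src"]  # Firebird user names are case-insensitive
        if event == "authentication failure":
            alerts.append(Alert(ts, "failed authentication", user, src, "medium"))
        elif user not in AUTHORIZED_USERS or src not in ALLOWED_SOURCES:
            # A SYSDBA login from outside the allow-list is the worst case:
            # it is exactly what a successful default-credential login looks like.
            severity = "high" if user == "SYSDBA" else "medium"
            alerts.append(Alert(ts, "unauthorized connection", user, src, severity))
    return alerts


def sysdba_failure_bursts(alerts: Iterable[Alert], threshold: int = 2) -> dict[str, int]:
    """Sources with at least `threshold` failed SYSDBA logins (likely password probing)."""
    counts = Counter(
        a.src for a in alerts
        if a.reason == "failed authentication" and a.user == "SYSDBA"
    )
    return {src: n for src, n in counts.items() if n >= threshold}


# Constructed sample log: one legitimate session, a probe that fails twice and
# then succeeds as SYSDBA from an unknown host, and a non-service user.
SAMPLE_LOG = """\
2020-03-10T09:12:01 connection from user=PSYPRAX_APP from=10.0.0.5
2020-03-10T09:15:44 authentication failure user=SYSDBA from=10.0.0.77
2020-03-10T09:15:49 authentication failure user=SYSDBA from=10.0.0.77
2020-03-10T09:16:02 connection from user=SYSDBA from=10.0.0.77
2020-03-10T09:20:13 connection from user=PSYPRAX_APP from=10.0.0.5
2020-03-10T09:31:08 connection from user=REPORTING from=10.0.0.5
"""

if __name__ == "__main__":
    found = scan(SAMPLE_LOG.splitlines())
    for a in found:
        print(f"[{a.severity}] {a.ts} {a.reason}: user={a.user} src={a.src}")
    for src, n in sysdba_failure_bursts(found).items():
        print(f"[high] {n} failed SYSDBA logins from {src}: possible default-credential probe")
```

Once the sysdba password has been changed, the "failed authentication" alerts are the expected noise of anyone still trying 'masterke'; the "unauthorized connection" alerts with user SYSDBA are the ones that indicate the change has not taken effect or the new password has leaked.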