High severity7.8NVD Advisory· Published Oct 5, 2021· Updated Jun 17, 2026
CVE-2021-41286
CVE-2021-41286
Description
Omikron MultiCash Desktop 4.00.008.SP5 relies on a client-side authentication mechanism. When a user logs into the application, the validity of the password is checked locally. All communication to the database backend is made via the same technical account. Consequently, an attacker can attach a debugger to the process or create a patch that manipulates the behavior of the login function. When the function always returns the success value (corresponding to a correct password), an attacker can login with any desired account, such as the administrative account of the application.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Omikron/MultiCash Desktopdescription
- Range: = 4.00.008.SP5
Patches
Vulnerability mechanics
References
1- www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2021-047.txtnvdThird Party Advisory
News mentions
0No linked articles in our index yet.