CVE-2023-50444
Description
Default .ZED containers from PRIMX products include encrypted sensitive user information that can be brute-forced by unauthenticated attackers.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
By default, .ZED containers produced by PRIMX ZED! for Windows before Q.2020.3, ZED! for Windows before Q.2021.2, ZONECENTRAL for Windows before Q.2021.2 and before 2023.5, ZEDMAIL for Windows before 2023.5, and ZED! for Windows, Mac, Linux before 2023.5 include an encrypted version of sensitive user information. An unauthenticated attacker can obtain this information via brute force.
Exploitation
No authentication or user interaction is required. The attacker can access the .ZED container over the network and perform brute-force attacks on the encrypted metadata. The attack complexity is high due to the encryption, but weak user passwords make the attack feasible.
Impact
Successful exploitation leads to disclosure of sensitive user information. The confidentiality impact is high; integrity and availability are not affected. The scope of the attack is changed, meaning the compromise affects resources beyond the initial container.
Mitigation
Upgrade to a fixed version: ZED! Enterprise for Windows Q.2020.3 (ANSSI validated), Q.2021.2 (ANSSI validated), or version 2023.5 at minimum; ZONECENTRAL for Windows Q.2021.2 (ANSSI validated) or version 2023.5 at minimum; ZEDMAIL for Windows version 2023.5 at minimum [2]. No workaround is available. Use strong passwords to reduce brute-force risk.
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products: 4
- PRIMX/ZED!
- Range: < Q.2020.3 (Windows) / < 2023.5 (Windows, Mac, Linux)
- Range: < Q.2021.2 (Windows) / < 2023.5 (Windows)
Patches: 0
No patches discovered yet.
Vulnerability mechanics
No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.
References: 2
News mentions: 0
No linked articles in our index yet.