Weak Password Hash in Core Privileged Access Manager (BoKS)

FI-2025-014 - Weak Password Hash in Core Privileged Access Manager (BoKS)

Severity

Medium

Published Date

16-Dec-2025

Updated Date

16-Dec-2025

Vulnerabilities

CVE-2025-13532

Notes

Description

Insecure defaults in the Server Agent component of Fortra's Core Privileged Access Manager (BoKS) can result in the selection of weak password hash algorithms. This issue affects BoKS Server Agent 9.0 instances that support yescrypt and are running in a BoKS 8.1 domain.

Vulnerabilities

Weak Password Hash in Core Privileged Access Manager (BoKS)

Severity

Medium

CVE

CVE-2025-13532

CWE

CWE-916:Use of Password Hash With Insufficient Computational Effort

Discovery Date

14-Nov-2025

CSSv3.1

6.2 (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)

Affected Products

Vulnerability Notes

Remediation: Vendor Fix

Upgrade to BoKS Server Agent 9.0.0.4.

References

CVE-2025-13532

Weak Password Hash in Core Privileged Access Manager (BoKS)

FI-2025-014 - Weak Password Hash in Core Privileged Access Manager (BoKS)

Notes

Vulnerabilities

Vulnerability Notes

References

References

Privacy Policy

Cookie Policy

Terms of Service

Accessibility

Impressum