Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
5DescriptionCVE.org
Anviz CrossChex Standard is vulnerable when an attacker manipulates the TDS7 PreLogin to disable encryption, causing database credentials to be sent in plaintext and enabling unauthorized database access.
AnalysisAI
Anviz CrossChex Standard time and attendance software transmits database credentials in plaintext when attackers downgrade TDS7 PreLogin protocol encryption, enabling remote unauthenticated access to backend databases containing employee data and access control records. CVSS 7.5 (High) with network attack vector and no prerequisites. Reported by CISA ICS-CERT, indicating industrial/physical security context. EPSS and KEV status not provided in available data.
Technical ContextAI
This vulnerability targets the Tabular Data Stream (TDS) protocol version 7, which Microsoft SQL Server and compatible databases use for client-server communication. TDS7's PreLogin handshake negotiates encryption settings before authentication. The flaw (CWE-757: Selection of Less-Secure Algorithm During Negotiation) allows attackers to force protocol downgrade by manipulating PreLogin packets to disable encryption entirely. Once downgraded, authentication credentials transit unencrypted over the network. Anviz CrossChex Standard is workforce management software commonly deployed in physical access control and time-tracking systems across critical infrastructure sectors. The affected CPE indicates all versions of the standard edition are vulnerable, though specific version ranges are not enumerated in available data.
RemediationAI
Contact Anviz directly via https://www.anviz.com/contact-us.html to obtain patched software versions, as no specific fix version is documented in available references. Review CISA advisory ICSA-26-106-03 at https://www.cisa.gov/news-events/ics-advisories/icsa-26-106-03 for updated mitigation guidance. Immediate compensating controls: enforce TLS/IPsec encryption at network layer for all traffic to/from CrossChex database servers, ensuring TDS-level encryption failures do not expose credentials (note: adds operational complexity and may impact legacy client compatibility). Restrict database server network access to management VLANs using firewall rules, blocking untrusted network segments from reaching TCP port 1433 or configured SQL Server ports (verify application functionality with restricted access before production deployment). Implement network intrusion detection rules to alert on TDS PreLogin packets with encryption disabled flags. Rotate all database credentials immediately and audit logs for unauthorized access attempts. These workarounds reduce but do not eliminate risk, as management network compromise still enables exploitation.
More in Anviz Crosschex Standard
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-23508