Headline
CVE-2020-35992: GitHub - micahvandeusen/PrologueDecrypt
Fiserv Prologue through 2020-12-16 does not properly protect the database password. If an attacker were to gain access to the configuration file (specifically, the LogPassword attribute within appconfig.ini), they would be able to decrypt the password stored within the configuration file. This would yield cleartext credentials for the database (to gain access to financial records of customers stored within the database), and in some cases would allow remote login to the database.
PrologueDecrypt (CVE-2020-35992)****Description
Fiserv Prologue uses a static encryption key across all installations. PrologueDecrypt is an offensive security C# tool designed to decrypt the passwords located in Prologue config files.
Setup
Download PrologueDecrypt
Register the required crypto COM library as an admin user regsvr32 IPSCrypto.dll
Open up PrologueDecrypt.sln in Visual Studio (was tested using Visual Studio 2019) and build.
Run PrologueDecrypt.exe passing the encrypted string without the @ symbol at the start of the string.