CVE-2016-5683

Name of the Vulnerable Software and Affected Versions ReadyDesk version 9.1

Description The issue allows local users to obtain cleartext SQL Server credentials. This is achieved by reading the SQL Config.aspx file and then decrypting the data using a hardcoded key found in the ReadyDesk.dll file.

Recommendations For ReadyDesk version 9.1, consider restricting access to the SQL Config.aspx file and the ReadyDesk.dll file to minimize the risk of exploitation. As a temporary workaround, avoid using hardcoded keys for decryption until a patch is available.