CVE-2016-10102

Name of the Vulnerable Software and Affected Versions Hitek Software's Automize versions 10.0 through 10.25 Hitek Software's Automize versions 11.0 through 11.14

Description The issue concerns the use of weak encryption in Hitek Software's Automize for SSH/SFTP and Encryption profile passwords. This weakness allows an attacker to retrieve encrypted passwords from files such as sshProfiles.jsd and encryptionProfiles.jsd, and then decrypt them to obtain the cleartext passwords.

Recommendations For versions 10.0 through 10.25, update to a version later than 10.25 to resolve the issue. For versions 11.0 through 11.14, update to a version later than 11.14 to resolve the issue. As a temporary workaround, consider restricting access to the sshProfiles.jsd and encryptionProfiles.jsd files to minimize the risk of exploitation.