PT-2017-7736 · Hitek · Automize
Published
2017-01-23
·
Updated
2017-03-16
·
CVE-2016-10103
CVSS v3.1
8.1
High
| Vector | AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Hitek Software's Automize versions 10.0 through 10.25
Hitek Software's Automize versions 11.0 through 11.14
Description
The issue allows an attacker to recover encrypted passwords for GPG Encryption profiles due to the Read attribute being set for Users in encryptionProfiles.jsd. This can lead to Information Disclosure.
Recommendations
For versions 10.0 through 10.25, consider restricting access to the encryptionProfiles.jsd file to prevent unauthorized reading of encrypted passwords.
For versions 11.0 through 11.14, consider restricting access to the encryptionProfiles.jsd file to prevent unauthorized reading of encrypted passwords.
As a temporary workaround, consider disabling the GPG Encryption profiles until a patch is available.
Fix
Inadequate Encryption Strength
Related identifiers
Affected products
Automize