PT-2023-26380 · Minitool · Minitool Power Data Recovery

0Dr3F

Publicado

2023-09-10

Atualizado

2023-10-13

CVE-2023-38353

CVSS v3.1

5.9

Média

Vetor

AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions MiniTool Power Data Recovery versions 11.6 and before MiniTool Power Data Recovery version 11.5

Description The issue concerns an insecure in-app payment system in MiniTool Power Data Recovery, which can be exploited through a man-in-the-middle attack, allowing attackers to steal highly sensitive information.

Recommendations For MiniTool Power Data Recovery versions 11.6 and before, update to a version later than 11.6 to resolve the issue. For MiniTool Power Data Recovery version 11.5, update to a version later than 11.5 to resolve the issue. As a temporary workaround, consider disabling the in-app payment system until a patch is available.

Correção

Improper Certificate Validation

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-295

Identificadores relacionados

CVE-2023-38353

Produtos afetados

Minitool Power Data Recovery

PT-2023-26380 · Minitool · Minitool Power Data Recovery

CVE-2023-38353

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 8