PT-2023-5851 · Qvpn · Qvpn Device Client+1

Runzi Zhao

·

Publicado

2023-10-06

·

Atualizado

2023-10-11

·

CVE-2023-23370

CVSS v3.1

6.7

Média

VetorAV:L/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:N
Name of the Vulnerable Software and Affected Versions QVPN Device Client versions prior to 2.1.0.0518
Description The issue is related to insufficient protection of credentials, which could allow local authenticated administrators to gain access to user accounts and sensitive data via unspecified vectors.
Recommendations For versions prior to 2.1.0.0518, update to QVPN Windows 2.1.0.0518 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive data until the update is applied.

Correção

Insufficiently Protected Credentials

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-522

Identificadores relacionados

BDU:2023-06538
CVE-2023-23370

Produtos afetados

Qvpn Device Client
Qvpn Windows