Cody Kretsinger

**Name of the Vulnerable Software and Affected Versions** Kaseya Rapid Fire Tools Network Detective version 2.0.16.0 **Description** Kaseya Rapid Fire Tools Network Detective stores unencrypted credentials (for privileged access) in the `collector.txt` configuration file. **Recommendations** Ensure the `collector.txt` configuration file is securely stored and access is restricted to authorized personnel.

**Name of the Vulnerable Software and Affected Versions** Kaseya Rapid Fire Tools Network Detective versions through 2.0.16.0 **Description** A cryptographic implementation flaw exists in the password encryption mechanism within the `EncryptionUtil` class. Symmetric encryption is implemented in a deterministic and non-randomized fashion, deriving both the encryption key and the Initialization Vector (IV) from a fixed, hardcoded input using a static salt value. Identical plaintext inputs consistently produce identical ciphertext outputs, regardless of whether FIPS or non-FIPS encryption methods are used. This predictability and reversibility stem from the lack of per-operation randomness and encryption authentication. **Recommendations** Versions prior to 2.0.16.0 should be used.