Damir Bozic

**Name of the Vulnerable Software and Affected Versions** Baramundi Management Suite versions 7.5 through 8.9 **Description** The issue allows remote attackers to obtain sensitive information by sniffing the network, and allows context-dependent attackers to obtain sensitive information by reading a file, due to the use of cleartext for client-server communication and data storage. **Recommendations** For versions 7.5 through 8.9, consider encrypting client-server communication and data storage to prevent sensitive information from being obtained by unauthorized parties. As a temporary workaround, restrict access to the network and sensitive files to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Baramundi Management Suite versions 7.5 through 8.9 **Description** The issue allows remote attackers to obtain sensitive information by reading a file, as credentials are stored in cleartext on deployed machines through the OS deployment feature. **Recommendations** For versions 7.5 through 8.9, consider restricting access to the deployed machines to minimize the risk of exploitation until a fix is available.

**Name of the Vulnerable Software and Affected Versions** Baramundi Management Suite versions 7.5 through 8.9 **Description** The issue involves an unspecified DLL file in the software that uses a hardcoded encryption key. This makes it easier for attackers to defeat cryptographic protection mechanisms by leveraging knowledge of this key from a product installation elsewhere. **Recommendations** For versions 7.5 through 8.9, consider restricting access to the affected DLL file until a patch is available. As a temporary workaround, avoid using the cryptographic protection mechanisms that rely on the hardcoded encryption key. At the moment, there is no information about a newer version that contains a fix for this issue.