Charactell · Charactell - Formstorm Enterprise · CVE-2022-22789
**Name of the Vulnerable Software and Affected Versions**
Charactell - FormStorm Enterprise (affected versions not specified)
**Description**
The issue allows an attacker to modify the passwords file for all users, enabling account takeover. The `xx users.ini` file in the FormStorm folder stores usernames in cleartext and an obfuscated password. An attacker can replace the existing password in the file to take over an account.
**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability.