PT-2016-6638 · Readydesk · Readydesk
Andrew Tierney
·
Published
2016-08-26
·
Updated
2016-11-28
·
CVE-2016-5683
CVSS v3.1
7.8
High
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
ReadyDesk version 9.1
Description
The issue allows local users to obtain cleartext SQL Server credentials. This is achieved by reading the SQL Config.aspx file and then decrypting the data using a hardcoded key found in the ReadyDesk.dll file.
Recommendations
For ReadyDesk version 9.1, consider restricting access to the SQL Config.aspx file and the ReadyDesk.dll file to minimize the risk of exploitation. As a temporary workaround, avoid using hardcoded keys for decryption until a patch is available.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Readydesk