PT-2017-14282 · Sera · Sera
Mark Wadham
·
Published
2017-11-01
·
Updated
2019-10-03
·
CVE-2017-15918
CVSS v3.1
7.8
High
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Sera version 1.2
Description
The issue allows for trivial privilege escalation and exposes user and system keychains to local attacks because it stores the user's login password in plain text in their home directory.
Recommendations
For Sera version 1.2, consider removing or securing the plain text password storage to prevent local attacks and privilege escalation. As a temporary workaround, restrict access to the home directory where the password is stored to minimize the risk of exploitation.
Exploit
Fix
Insufficiently Protected Credentials
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Sera