PT-2017-7734 · Hitek · Automize

Published

2017-01-23

Updated

2017-03-15

CVE-2016-10101

CVSS v3.1

8.1

High

Vector

AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Hitek Software's Automize versions 10.x through 11.x

Description Information Disclosure can occur due to users having the Read attribute, which allows an attacker to recover the encrypted password and access the Password Manager.

Recommendations For versions 10.x through 11.x, consider restricting access to the passManager.jsd file to minimize the risk of exploitation. As a temporary workaround, limit the Read attribute for users to prevent unauthorized access to the Password Manager.

Fix

Inadequate Encryption Strength

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-326CWE-255

Related Identifiers

CVE-2016-10101

Affected Products

Automize

PT-2017-7734 · Hitek · Automize

CVE-2016-10101

Weakness Enumeration

Related Identifiers

Affected Products

References · 4