PT-2017-7735 · Hitek · Automize

Published

2017-01-23

Updated

2017-03-16

CVE-2016-10102

CVSS v3.1

8.1

High

Vector

AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Hitek Software's Automize versions 10.0 through 10.25 Hitek Software's Automize versions 11.0 through 11.14

Description The issue concerns the use of weak encryption in Hitek Software's Automize for SSH/SFTP and Encryption profile passwords. This weakness allows an attacker to retrieve encrypted passwords from files such as sshProfiles.jsd and encryptionProfiles.jsd, and then decrypt them to obtain the cleartext passwords.

Recommendations For versions 10.0 through 10.25, update to a version later than 10.25 to resolve the issue. For versions 11.0 through 11.14, update to a version later than 11.14 to resolve the issue. As a temporary workaround, consider restricting access to the sshProfiles.jsd and encryptionProfiles.jsd files to minimize the risk of exploitation.

Fix

Inadequate Encryption Strength

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-326

Related Identifiers

CVE-2016-10102

Affected Products

Automize

PT-2017-7735 · Hitek · Automize

CVE-2016-10102

Weakness Enumeration

Related Identifiers

Affected Products

References · 4