PT-2017-7736 · Hitek · Automize

Published: 2017-01-23 · Updated: 2017-03-16 · CVE-2016-10103

CVSS v3.1: 8.1 (High)

Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

Hitek Software's Automize versions 10.0 through 10.25
Hitek Software's Automize versions 11.0 through 11.14

Description

The issue allows an attacker to recover encrypted passwords for GPG Encryption profiles because the Read attribute is set for Users on encryptionProfiles.jsd. This can lead to information disclosure.

Recommendations

For versions 10.0 through 10.25 and 11.0 through 11.14, consider restricting access to the encryptionProfiles.jsd file to prevent unauthorized reading of encrypted passwords. As a temporary workaround, consider disabling the GPG Encryption profiles until a patch is available.
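One way to check for the condition described above, as an added example that is not part of the original advisory or Hitek's software: it lists allow entries that give broad groups read access to encryptionProfiles.jsd. It assumes a Windows host with NTFS ACLs; the file path is a placeholder and the function name `Get-BroadReadAce` is hypothetical.

```powershell
# Added example: audit who can read Automize's encryptionProfiles.jsd.
# Assumption: Windows host with NTFS ACLs; the default path is a placeholder.
param(
    [string]$ProfilePath = 'C:\PATH\TO\AUTOMIZE\encryptionProfiles.jsd'  # placeholder
)

# Well-known SIDs for broad groups; SIDs keep the check locale-independent.
$broadSids = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-32-545' = 'BUILTIN\Users'
}
$readBits = [System.Security.AccessControl.FileSystemRights]::ReadData

function Get-BroadReadAce {
    param([string]$Path)
    $acl = Get-Acl -LiteralPath $Path
    # Resolve every ACE to a SID, including inherited entries.
    $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
    foreach ($rule in $rules) {
        $sid = $rule.IdentityReference.Value
        $isAllow = $rule.AccessControlType -eq [System.Security.AccessControl.AccessControlType]::Allow
        $canRead = ($rule.FileSystemRights -band $readBits) -ne 0
        if ($isAllow -and $canRead -and $broadSids.ContainsKey($sid)) {
            [pscustomobject]@{
                Path = $Path; Principal = $broadSids[$sid]; Sid = $sid
                Rights = $rule.FileSystemRights; Inherited = $rule.IsInherited
            }
        }
    }
}

if (-not (Test-Path -LiteralPath $ProfilePath -PathType Leaf)) {
    Write-Error "File not found: $ProfilePath"; exit 2
}
$findings = @(Get-BroadReadAce -Path $ProfilePath)
if ($findings.Count -gt 0) {
    $findings | Format-Table -AutoSize
    Write-Warning 'Broad read access present; restrict access to this file as the advisory recommends.'
    exit 1
}
Write-Output "No broad read ACEs on $ProfilePath"
```

An entry reported with `Inherited = True` comes from a parent folder, so the permission has to be changed there or inheritance disabled on the file.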

Fix

Inadequate Encryption Strength


Weakness Enumeration

Related Identifiers

CVE-2016-10103

Affected Products

Automize