CVE-2016-10104

Name of the Vulnerable Software and Affected Versions Hitek Software's Automize versions 10.0 through 10.25 Hitek Software's Automize versions 11.0 through 11.14

Description The issue allows an attacker to recover encrypted passwords for SSH/SFTP profiles due to the Read attribute being set for Users in sshProfiles.jsd. This can lead to Information Disclosure.

Recommendations For versions 10.0 through 10.25, restrict access to the sshProfiles.jsd file to minimize the risk of exploitation. For versions 11.0 through 11.14, consider disabling the Read attribute for Users in sshProfiles.jsd until a patch is available. As a temporary workaround, avoid using the SSH/SFTP profiles in Automize until the issue is resolved.