PT-2018-11540 · Softcontrol/Safensoft · Enterprise Suite+2

Artem Ivachev

Published

2018-06-29

Updated

2019-10-03

CVE-2018-13014

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions SoftControl/SafenSoft SysWatch versions prior to 4.4.2 SoftControl/SafenSoft TPSecure versions prior to 4.4.2 SoftControl/SafenSoft Enterprise Suite versions prior to 4.4.2

Description The issue allows a local attacker to restore the SysWatch password from the settings database and modify program settings due to the storage of passwords in a recoverable format in the SysWatch service.

Recommendations For SoftControl/SafenSoft SysWatch versions prior to 4.4.2, update to version 4.4.2 or later. For SoftControl/SafenSoft TPSecure versions prior to 4.4.2, update to version 4.4.2 or later. For SoftControl/SafenSoft Enterprise Suite versions prior to 4.4.2, update to version 4.4.2 or later.

Fix

Insufficiently Protected Credentials

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-522

Related Identifiers

CVE-2018-13014

Affected Products

Enterprise Suite

Syswatch

Tpsecure

PT-2018-11540 · Softcontrol/Safensoft · Enterprise Suite+2

CVE-2018-13014

Weakness Enumeration

Related Identifiers

Affected Products

References · 3