PT-2018-12614 · Thomson Reuters · Thomson Reuters Ultratax Cs

Published: 2018-07-26 · Updated: 2024-02-14 · CVE-2018-14608

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Thomson Reuters UltraTax CS version 2017

Description

The software has a password protection option, but the level of protection may not meet some customers' expectations because the data is stored in cleartext. Customer data is stored in unique directories and can be accessed without authentication by examining the strings of the .XX17 file. These strings contain sensitive customer information, including Full Name, Spouse's Name, Social Security Number, Date of Birth, Occupation, Home Address, Daytime Phone Number, Home Phone Number, and other personal details.

Recommendations

For Thomson Reuters UltraTax CS version 2017, consider implementing additional security measures to protect customer data, such as encrypting the .XX17 files or restricting access to the directories where the files are stored. As a temporary workaround, restrict access to the sensitive directories (%install path%\WinCSI\UT17DATA\client ID\file name.XX17) to minimize the risk of unauthorized data access.
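
To check whether the workaround above is actually in place, the following added example (not part of the advisory and not Thomson Reuters code) lists every item under the data directory that broad groups are allowed to read. The default value of $DataRoot is an assumption; replace it with your own %install path%\WinCSI\UT17DATA.

```powershell
# Added example: audit NTFS ACLs on the UltraTax CS 2017 data directory.
param(
    # Assumed location; set to your own "%install path%\WinCSI\UT17DATA".
    [string]$DataRoot = 'C:\WinCSI\UT17DATA'
)

# Well-known SIDs of broad groups that should not be able to read client data.
$BroadSids = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-7'      = 'Anonymous Logon'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-32-545' = 'BUILTIN\Users'
}

# ReadData/ListDirectory (0x1), GENERIC_READ (0x80000000), GENERIC_ALL (0x10000000).
$ReadMask = 0x1 -bor 0x80000000 -bor 0x10000000

function Get-BroadReadAce {
    param([Parameter(Mandatory)][string]$Path)
    $acl  = Get-Acl -LiteralPath $Path
    # Resolve rules to SIDs so the check does not depend on localized group names.
    $aces = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
    foreach ($ace in $aces) {
        $sid = $ace.IdentityReference.Value
        if ($ace.AccessControlType -eq 'Allow' -and
            $BroadSids.ContainsKey($sid) -and
            (([int]$ace.FileSystemRights) -band $ReadMask)) {
            [pscustomobject]@{
                Path      = $Path
                Principal = $BroadSids[$sid]
                Rights    = $ace.FileSystemRights
                Inherited = $ace.IsInherited
            }
        }
    }
}

if (-not (Test-Path -LiteralPath $DataRoot)) {
    throw "Data root not found: $DataRoot"
}

# Check the root itself, then every client directory and data file beneath it.
$targets  = @($DataRoot)
$targets += Get-ChildItem -LiteralPath $DataRoot -Recurse -Force |
            ForEach-Object { $_.FullName }
$findings = foreach ($t in $targets) { Get-BroadReadAce -Path $t }

$findings | Sort-Object Path, Principal | Format-Table -AutoSize
"{0} broad read grant(s) found under {1}" -f @($findings).Count, $DataRoot
```

A row with Inherited set to True has to be corrected on the parent directory where the grant originates. The script covers NTFS permissions only, so share-level permissions on any network share exposing this directory need a separate review.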

Weakness Enumeration: Missing Encryption of Sensitive Data

Related Identifiers: CVE-2018-14608

Affected Products: Thomson Reuters Ultratax Cs