PT-2020-20458 · American Dynamics+1 · American Dynamics Victor Video Management System+1
Published
2020-05-21
·
Updated
2022-10-13
·
CVE-2020-9045
CVSS v3.1
9.9
Critical
| Vector | AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Software House C•CURE 9000 version 2.70
American Dynamics victor Video Management System version 5.2
Description
The issue concerns the logging of user credentials during the installation or upgrade process. When installing or upgrading to the affected software versions, the credentials of the user performing the installation or upgrade are logged in a file. This install log file remains after the installation is complete.
Recommendations
For Software House C•CURE 9000 version 2.70, consider removing the install log file after installation to prevent unauthorized access to the logged credentials.
For American Dynamics victor Video Management System version 5.2, restrict access to the install log file to minimize the risk of credential exposure.
Fix
Cleartext Storage of Sensitive Information
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
American Dynamics Victor Video Management System
Software House Ccure 9000