PT-2021-11865 · Tinycheck · Tinycheck

Published

2021-01-19

Updated

2021-01-29

CVE-2020-35929

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: TinyCheck versions before commit 9fd360d and ea53de8

Description: The installation script of the tool contained hard-coded credentials to the backend part of the tool. This information could be used by an attacker for unauthorized access to remote data.

Recommendations: For versions before commit 9fd360d and ea53de8, update to a version that includes commits 9fd360d and ea53de8 to remove the hard-coded credentials. As a temporary workaround, consider restricting access to the backend part of the tool until a secure version is installed.

Fix

Using Hardcoded Credentials

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-798

Related Identifiers

CVE-2020-35929

GHSA-9F7G-72H2-59G7

Affected Products

Tinycheck

PT-2021-11865 · Tinycheck · Tinycheck

CVE-2020-35929

Weakness Enumeration

Related Identifiers

Affected Products

References · 5