PT-2021-21666 · Nch · Nch Quorum

Published

2021-07-25

Updated

2022-07-12

CVE-2021-37452

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions NCH Quorum versions 2.03 and earlier

Description The issue allows local users to discover cleartext login information relating to users by reading the local .dat configuration files.

Recommendations For versions 2.03 and earlier, consider restricting access to the local .dat configuration files to minimize the risk of exploitation. As a temporary workaround, limit local user privileges to prevent unauthorized access to sensitive configuration files until a fix is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Cleartext Storage of Sensitive Information

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-312

Related Identifiers

CVE-2021-37452

Affected Products

Nch Quorum

PT-2021-21666 · Nch · Nch Quorum

CVE-2021-37452

Weakness Enumeration

Related Identifiers

Affected Products

References · 5