PT-2021-23989 · Unknown · Allegro Windows

Dominique Righetto

Published

2021-12-08

Updated

2021-12-13

CVE-2021-43978

CVSS v3.1

8.1

High

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions: Allegro Windows version 3.3.4152.0

Description: The issue allows users to access and modify data using the same credentials as the software administrator because the credentials are embedded into the binary files of Allegro Windows.

Recommendations: For Allegro Windows version 3.3.4152.0, consider restricting access to the binary files to minimize the risk of exploitation until a fix is available.

Fix

Insufficiently Protected Credentials

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-522

Related Identifiers

CVE-2021-43978

Affected Products

Allegro Windows

PT-2021-23989 · Unknown · Allegro Windows

CVE-2021-43978

Weakness Enumeration

Related Identifiers

Affected Products

References · 6