PT-2022-12124 · Unknown · Vigilant Software Suite

Published: 2022-01-21 · Updated: 2022-01-28 · CVE-2021-44464

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Vigilant Software Suite (Mastermed Dashboard) version 2.0.1.3

Description

The issue concerns service credentials that are likely common across all instances of the software. An attacker in possession of the password may gain privileges on all installations.

Recommendations

For version 2.0.1.3, consider changing the service credentials to unique values for each installation to prevent attackers from gaining privileges across all instances. As a temporary workaround, restrict access to the service credentials to minimize the risk of exploitation.

Fix

Using Hardcoded Credentials


Weakness Enumeration

Related Identifiers

CVE-2021-44464

Affected Products

Vigilant Software Suite