CVE-2022-34392

Name of the Vulnerable Software and Affected Versions SupportAssist for Home PCs versions 3.11.4 and prior

Description The issue concerns an insufficient session expiration, allowing an authenticated non-admin user to obtain a refresh token. This token can then be reused to fetch sensitive information by reusing the access token.

Recommendations For versions 3.11.4 and prior, consider restricting access to sensitive information until a fix is available. As a temporary workaround, consider implementing additional session expiration checks to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.