PT-2024-31743 · Topquadrant · Topbraid Edg

Donald Macary · Published 2024-09-27 · Updated 2025-10-02 · CVE-2024-45744

CVSS v3.1: 4.3 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions: TopBraid EDG versions prior to 7.3; TopBraid EDG version 7.1.3
Description: TopBraid EDG stores external credentials insecurely, allowing an authenticated attacker with file system access to read edg-setup.properties and obtain the secret to decrypt external passwords stored in edg-vault.properties. This could enable the attacker to gain unauthorized access to sensitive information.
Recommendations: For versions prior to 7.3, consider upgrading to version 7.3 or later, which introduces HashiCorp Vault integration that does not store external passwords locally. For version 7.1.3, consider upgrading to version 7.3 or later to address the insecure storage of external credentials. For version 8.3.0, heed the warning about using plain text secrets and take appropriate measures to secure external credentials.

Fix

Weakness Enumeration: Insufficiently Protected Credentials; Cleartext Storage of Sensitive Information

Related Identifiers: CVE-2024-45744

Affected Products: Topbraid Edg