PT-2025-11587 · Unknown · Ntfs Tools
Reza Rashidi
·
Published
2025-03-18
·
Updated
2025-03-18
·
CVE-2025-2489
CVSS v4.0
6.8
Medium
| Vector | AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
Name of the Vulnerable Software and Affected Versions
NTFS Tools version 3.5.1
Description
The issue is related to insecure information storage. An attacker could exploit this to obtain the application password. The password is stored in the
/Users/user/Library/Application Support/ntfs-tool/config.json file.Recommendations
For NTFS Tools version 3.5.1, consider removing or securing the
config.json file to prevent unauthorized access to the application password. As a temporary workaround, restrict access to the /Users/user/Library/Application Support/ntfs-tool/ directory until a patch is available.Fix
Insecure Storage of Sensitive Information
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Ntfs Tools