PT-2026-44973 · Strongdm · Strongdm Desktop Application
Hope Walker · Published 2026-05-29 · Updated 2026-06-02
CVE-2026-4387
CVSS v4.0: 2.0 (Low)
| Vector | AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
Name of the Vulnerable Software and Affected Versions
StrongDM Desktop Application versions prior to 23.74.0
StrongDM Desktop Client versions prior to 53.77.0
Description
On Microsoft Windows, the software stores authentication state in cleartext in a per-user state file under the user's profile directory (C:\Users\<username>\.sdm\state.kv). This file contains a JSON Web Token (JWT) and asymmetric RSA key material and is protected only by the default user-level NTFS permissions. An attacker with local read access to the user's profile directory can exfiltrate this file and deploy it on another host to hijack the session and gain authenticated access to infrastructure resources without needing credentials. Additionally, the local endpoint "http://127.0.0.1:65220/v2/authentication" leaked JWTs.
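As an added illustration (not code from the advisory or from StrongDM), the following defender-side triage script scans a copy of a state file for the cleartext material the description names: JWTs, whose claims it decodes without signature verification to show whom a leaked token identifies and when it expires, and PEM-encoded private keys. The file contents below are constructed; the real state.kv layout is not documented here, and the key names and sample values are assumptions.

```python
import base64
import json
import re
import time

# A JWT is three base64url segments, the first encoding '{"' (-> "eyJ");
# PEM "BEGIN ... PRIVATE KEY" headers mark private key material.
JWT_RE = re.compile(r"eyJ[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+")
PEM_KEY_RE = re.compile(r"-----BEGIN (?:RSA |EC )?PRIVATE KEY-----")

def b64url_decode(segment):
    # restore the '=' padding that JWT encoding strips
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def inspect_jwt(token, now_epoch):
    # Decode header/claims WITHOUT verifying the signature: this is triage of
    # what a leaked token would grant, not an authentication decision.
    header_b64, payload_b64, _sig = token.split(".")
    header = json.loads(b64url_decode(header_b64))
    claims = json.loads(b64url_decode(payload_b64))
    exp = claims.get("exp")
    return {"alg": header.get("alg"), "subject": claims.get("sub"), "exp": exp,
            "still_valid": exp is not None and exp > now_epoch}

def scan_state_file(contents, now_epoch=None):
    # Report cleartext credential material found in a state file's text.
    now_epoch = time.time() if now_epoch is None else now_epoch
    tokens = []
    for match in JWT_RE.finditer(contents):
        try:
            tokens.append(inspect_jwt(match.group(0), now_epoch))
        except ValueError:  # base64/JSON decode failed: not actually a JWT
            continue
    keys = len(PEM_KEY_RE.findall(contents))
    return {"jwts": tokens, "private_keys": keys, "exposed": bool(tokens or keys)}

def _b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

# Constructed sample (NOT the real state.kv layout): a made-up RS256 JWT with a
# placeholder signature, expiring 2030-01-01, plus a truncated PEM key block.
SAMPLE_JWT = ".".join([
    _b64url(b'{"alg":"RS256","typ":"JWT"}'),
    _b64url(b'{"sub":"alice@example.com","exp":1893456000}'),
    _b64url(b"placeholder-signature"),
])
SAMPLE_STATE = ("session.token=" + SAMPLE_JWT + "\n"
                "session.key=-----BEGIN RSA PRIVATE KEY-----\nMIIE...(truncated)\n"
                "-----END RSA PRIVATE KEY-----\n")
```

A positive report on a file readable by other local accounts is the condition the advisory describes; the fix is to upgrade, since the application, not the user, controls the file's contents and permissions.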
Recommendations
Update StrongDM Desktop Application to version 23.74.0 or later.
Update StrongDM Desktop Client to version 53.77.0 or later.
Fix
Cleartext Storage of Sensitive Information
Insufficiently Protected Credentials
Affected Products
Strongdm Desktop Application
Strongdm Desktop Client
Windows