Storing password in recoverable format in safensec.com (SysWatch service) in SAFENSEC SoftControl/SafenSoft SysWatch, SoftControl/SafenSoft TPSecure, and SoftControl/SafenSoft Enterprise Suite before 4.4.2 allows the local attacker to restore the SysWatch password from the settings database and modify program settings.
The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Enterprise_suite | Safensoft | * | 4.4.2 (excluding) |
Syswatch | Safensoft | * | 4.4.2 (excluding) |
Tpsecure | Safensoft | * | 4.4.2 (excluding) |