CVE Vulnerabilities

CVE-2018-13014

Insufficiently Protected Credentials

Published: Jun 29, 2018 | Modified: Nov 21, 2024
CVSS 3.x
7.8
HIGH
Source:
NVD
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS 2.x
2.1 LOW
AV:L/AC:L/Au:N/C:P/I:N/A:N
RedHat/V2
RedHat/V3
Ubuntu

Storing password in recoverable format in safensec.com (SysWatch service) in SAFENSEC SoftControl/SafenSoft SysWatch, SoftControl/SafenSoft TPSecure, and SoftControl/SafenSoft Enterprise Suite before 4.4.2 allows the local attacker to restore the SysWatch password from the settings database and modify program settings.

Weakness

The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.

Affected Software

Name Vendor Start Version End Version
Enterprise_suite Safensoft * 4.4.2 (excluding)
Syswatch Safensoft * 4.4.2 (excluding)
Tpsecure Safensoft * 4.4.2 (excluding)

Potential Mitigations

References