The StrongDM Client insufficiently protected a pre-authentication token. Attackers could exploit this to intercept and reuse the token, potentially redeeming valid authentication credentials through a race condition.
The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.