Abstract Advisory Information
When put in Debug mode and used for RDP connections, the application stores the emergency credentials in plaintext in the logs present in the DEBUG folder, which can be accessed by anyone.
Authors: Michael Lucas
Version affected
Name: SecurAccess
Versions: 9.3.502
Common Vulnerability Scoring System
6.5
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
Patches
Unknown
References
None
Vulnerability Disclosure Timeline
- 02/10/2018 : Vulnerability discovered
- 08/10/2018 : Vendor contacted
- 11/10/2018 : Acknowledgement by the vendor
- 30/01/2019 : Public Disclosure