CVE-2018-18466

CVE-2018-18466

by adidionxlm

Abstract Advisory Information

When put in Debug mode and used for RDP connections, the application store the emergency credentials in plaintext in the logs presents on the DEBUG folder that can be accessed by anyone.

Authors: Michael Lucas

Version affected

Name: SecurAccess
Versions: 9.3.502

Common Vulnerability Scoring System

6.5
VSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

Patches

Unknown

References

None

Vulnerability Disclosure Timeline

  • 02/10/2018 : Vulnerability discovered
  • 08/10/2018 : Vendor contacted
  • 11/10/2018 : Aknowledgement by the vendor
  • 30/01/2019 : Public Disclosure
Top