Описание
The PureVPN client before 6.1.0 for Windows stores Login Credentials (username and password) in cleartext. The location of such files is %PROGRAMDATA%\purevpn\config\login.conf. Additionally, all local users can read this file.
Ссылки
- https://www.trustwave.com/Resources/SpiderLabs-Blog/Credential-Leak-Flaws-in-Windows-PureVPN-Client/ExploitThird Party Advisory
- https://www.trustwave.com/Resources/SpiderLabs-Blog/Credential-Leak-Flaws-in-Windows-PureVPN-Client/ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 6.1.0 (исключая)
cpe:2.3:a:purevpn:purevpn:*:*:*:*:*:windows:*:*
EPSS
Процентиль: 13%
0.00044
Низкий
7.8 High
CVSS3
2.1 Low
CVSS2
Дефекты
CWE-522
Связанные уязвимости
CVSS3: 7.8
github
больше 3 лет назад
The PureVPN client before 6.1.0 for Windows stores Login Credentials (username and password) in cleartext. The location of such files is %PROGRAMDATA%\purevpn\config\login.conf. Additionally, all local users can read this file.
EPSS
Процентиль: 13%
0.00044
Низкий
7.8 High
CVSS3
2.1 Low
CVSS2
Дефекты
CWE-522