Описание
iDrive RemotePC before 7.6.48 on Windows allows information disclosure. A locally authenticated attacker can read an encrypted version of the system's Personal Key in world-readable %PROGRAMDATA% log files. The encryption is done using a hard-coded static key and is therefore reversible by an attacker.
Ссылки
- Third Party Advisory
- Release NotesVendor Advisory
- Third Party Advisory
- Release NotesVendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 7.6.48 (исключая)
Одновременно
cpe:2.3:a:idrive:remotepc:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
EPSS
Процентиль: 20%
0.00065
Низкий
3.3 Low
CVSS3
2.1 Low
CVSS2
Дефекты
CWE-798
Связанные уязвимости
CVSS3: 3.3
github
больше 3 лет назад
iDrive RemotePC before 7.6.48 on Windows allows information disclosure. A locally authenticated attacker can read an encrypted version of the system's Personal Key in world-readable %PROGRAMDATA% log files. The encryption is done using a hard-coded static key and is therefore reversible by an attacker.
EPSS
Процентиль: 20%
0.00065
Низкий
3.3 Low
CVSS3
2.1 Low
CVSS2
Дефекты
CWE-798