Abstract Advisory Information
When put in Debug mode and used for RDP connections, the application store the emergency credentials in plaintext in the logs presents on the DEBUG folder that can be accessed by anyone.
Author: Michael Lucas
Version affected
Name: SecurAccess
Versions: 9.3.502Common Vulnerability Scoring System
6.5
VSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:NPatches
Unknown
References
None
Vulnerability Disclosure Timeline
- 02/10/2018 : Vulnerability discovered
- 08/10/2018 : Vendor contacted
- 11/10/2018 : Aknowledgement by the vendor
- 30/01/2019 : Public Disclosure