Texas Instruments Fusion Digital Power Designer 7.10.1 Credential Disclosure

`Insufficiently Protected Credentials in Texas Instruments Fusion Digital Power Designer v.7.10.1  
  
  
  
Credit: Gionathan Armando Reale  
  
  
//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////  
  
# Product: Fusion Digital Power Designer - Version 7.10.1  
# Vendor: Texas Instruments  
# CVE ID: CVE-2024-41629  
# Vulnerability Title: Insufficiently Protected Credentials  
# Severity: Medium  
# Author(s): Gionathan Armando Reale  
# Date: 2024-08-15  
#  
#############################################################  
Introduction:  
An issue in Texas Instruments Fusion Digital Power Designer v.7.10.1 allows a local attacker to obtain sensitive information via the plaintext storage of credentials.  
  
Vulnerability PoC:  
  
1. Create a connection within the application that requires credentials.  
2. Access the file "C:/Program Files (x86)/Texas Instruments/Fusion Digial Power Designer/data/prefs-shared.xml"  
3. Notice the credentials stored as plaintext.  
  
  
  
  
/////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////  
  
`