CVE-2021-34687

iDrive RemotePC before 7.6.48 on Windows allows information disclosure. A man in the middle can recover a system's Personal Key when a client attempts to make a LAN connection. The Personal Key is transmitted over the network while only being encrypted via a substitution cipher...

CVE-2021-34688

iDrive RemotePC before 7.6.48 on Windows allows information disclosure. A locally authenticated attacker can read an encrypted version of the system's Personal Key in world-readable %PROGRAMDATA% log files. The encryption is done using a hard-coded static key and is therefore reversible by an...

CVE-2021-34689

iDrive RemotePC before 7.6.48 on Windows allows information disclosure. A locally authenticated attacker can read the system's Personal Key in world-readable %PROGRAMDATA% log files...

CVE-2021-34688

iDrive RemotePC before 7.6.48 on Windows allows information disclosure. A locally authenticated attacker can read an encrypted version of the system's Personal Key in world-readable %PROGRAMDATA% log files. The encryption is done using a hard-coded static key and is therefore reversible by an...

Privilege escalation

iDrive RemotePC before 7.6.48 on Windows allows privilege escalation. A local and low-privileged user can force RemotePC to execute an attacker-controlled executable with SYSTEM privileges...

Authentication flaw

iDrive RemotePC before 7.6.48 on Windows allows authentication bypass. A remote and unauthenticated attacker can bypass cloud authentication to connect and control a system via TCP port 5970 and 5980...

Information disclosure

iDrive RemotePC before 7.6.48 on Windows allows information disclosure. A man in the middle can recover a system's Personal Key when a client attempts to make a LAN connection. The Personal Key is transmitted over the network while only being encrypted via a substitution cipher...

Design/Logic Flaw

iDrive RemotePC before 4.0.1 on Linux allows denial of service. A remote and unauthenticated attacker can disconnect a valid user session by connecting to an ephemeral port...

Information disclosure

iDrive RemotePC before 7.6.48 on Windows allows information disclosure. A locally authenticated attacker can read the system's Personal Key in world-readable %PROGRAMDATA% log files...

CVE-2021-34692

iDrive RemotePC before 7.6.48 on Windows allows privilege escalation. A local and low-privileged user can force RemotePC to execute an attacker-controlled executable with SYSTEM privileges...

CVE-2021-34692

CVE-2021-34692 affects iDrive RemotePC on Windows prior to 7.6.48. A local, low-privilege user can cause RemotePC to execute an attacker-controlled executable with SYSTEM privileges, enabling privilege escalation. The vulnerability stems from the product’s handling of executable execution, with e...

CVE-2021-34691

iDrive RemotePC before 4.0.1 on Linux allows denial of service. A remote and unauthenticated attacker can disconnect a valid user session by connecting to an ephemeral port...

CVE-2021-34691

CVE-2021-34691 affects iDrive RemotePC on Linux prior to 4.0.1. A remote, unauthenticated attacker can cause a denial of service by disconnecting a valid user session via connecting to an ephemeral port. The advisory indicates the vulnerable version is before 4.0.1; mitigation is upgrading to 4.0...

CVE-2021-34690

iDrive RemotePC before 7.6.48 on Windows allows authentication bypass. A remote and unauthenticated attacker can bypass cloud authentication to connect and control a system via TCP port 5970 and 5980...

CVE-2021-34690

The CVE affects iDrive RemotePC on Windows prior to version 7.6.48. A authentication bypass exists that allows a remote, unauthenticated attacker to bypass cloud authentication and connect to, and control, a system via TCP ports 5970 and 5980. Impact is high: attacker can take control without val...

CVE-2021-34689

iDrive RemotePC before 7.6.48 on Windows allows information disclosure. A locally authenticated attacker can read the system's Personal Key in world-readable %PROGRAMDATA% log files...

CVE-2021-34689

Affected product: iDrive RemotePC on Windows. Version affected: prior to 7.6.48. Vulnerability type: information disclosure due to a flaw that allows a locally authenticated attacker to read the system’s Personal Key from world-readable log files in %PROGRAMDATA%. Root cause: Personal Key written...

CVE-2021-34688

iDrive RemotePC before 7.6.48 on Windows allows information disclosure. A locally authenticated attacker can read an encrypted version of the system's Personal Key in world-readable %PROGRAMDATA% log files. The encryption is done using a hard-coded static key and is therefore reversible by an...

CVE-2021-34688

CVE-2021-34688 affects iDrive RemotePC on Windows prior to 7.6.48. A locally authenticated attacker can read an encrypted version of the system’s Personal Key from world-readable log files in %PROGRAMDATA%, because the encryption uses a hard-coded static key, making it reversible. The issue is a ...

CVE-2021-34687

CVE-2021-34687 affects iDrive RemotePC on Windows prior to 7.6.48. The vulnerability enables information disclosure where a man-in-the-middle can recover the system Personal Key during a LAN connection, because the key is transmitted over the network with only a substitution cipher for encryption.