2 matches found
CVE-2019-20150
In TreasuryXpress 19191105, a logged-in user can discover saved credentials, even though the UI hides them. Using functionality within the application and a malicious host, it is possible to force the application to expose saved SSH/SFTP credentials. This can be done by using the application's...
CVE-2019-20150
CVE-2019-20150 affects TreasuryXpress 19191105. A logged-in user can reveal saved SSH/SFTP credentials by manipulating the app’s editor to point the SFTP Host IP at a malicious host and then invoking Check Connectivity, causing the application to send saved credentials to the attacker-controlled ...