vulnrichment | SEC-VLab | VULNRICHMENT:CVE-2024-36497
History: Jun 24, 2024 - 9:06 a.m.

CVE-2024-36497 Unhashed Storage of Password

2024-06-24 09:06:03
CWE-312
SEC-VLab
github.com
3
cve-2024-36497
password
cleartext
winselect

AI Score: 7
Confidence: Low

EPSS: 0
Percentile: 15.6%

SSVC
Exploitation: poc
Automatable: yes
Technical Impact: total

The decrypted configuration file contains the password in cleartext
which is used to configure WINSelect. It can be used to remove the
existing restrictions and disable WINSelect entirely.

CNA Affected

[
  {
    "vendor": "Faronics",
    "product": "WINSelect (Standard + Enterprise)",
    "versions": [
      {
        "status": "unaffected",
        "version": "8.30.xx.903",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "affected"
  }
]

ADP Affected

[
  {
    "cpes": [
      "cpe:2.3:a:faronics:winselect:*:*:*:*:*:*:*:*"
    ],
    "vendor": "faronics",
    "product": "winselect",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "8.30.xx.903",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  }
]
