Information Disclosure can occur in Hitek Software's Automize 10.x and 11.x passManager.jsd. Users have the Read attribute, which allows an attacker to recover the encrypted password to access the Password Manager.
| Date Added | Due Date | Vulnerability Name | Required Action |
|---|---|---|---|
| N/A |
| Type | Version | Base score | Base severity | Vector |
|---|---|---|---|---|
| Primary | 3.0 | 8.1 | HIGH | CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
| Primary | 2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:N/A:N |
| Hyperlink | Source | Resource |
|---|---|---|
| http://www.securityfocus.com/bid/96840 | cve@mitre.org | N/A |
| https://rastamouse.me/guff/2016/automize/ | cve@mitre.org | Third Party Advisory |
| http://www.securityfocus.com/bid/96840 | af854a3a-2127-422b-91ae-364da2661108 | N/A |
| https://rastamouse.me/guff/2016/automize/ | af854a3a-2127-422b-91ae-364da2661108 | Third Party Advisory |