Stored credentials Ivanti Workspace Control can be retrieved from Registry

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

------------------------------------------------------------------------
Stored credentials Ivanti Workspace Control can be retrieved from
Registry
------------------------------------------------------------------------
Yorick Koster, August 2018

------------------------------------------------------------------------
Abstract
------------------------------------------------------------------------
A flaw was found in Workspace Control that allows a local unprivileged
user to retrieve the database or Relay server credentials from the
Windows Registry. These credentials are encrypted, however the
encryption that is used is reversible.

------------------------------------------------------------------------
Tested versions
------------------------------------------------------------------------
This issue was successfully verified on Ivanti Workspace Control version
10.2.700.1 & 10.2.950.0.

------------------------------------------------------------------------
Fix
------------------------------------------------------------------------
This issue was resolved in Ivanti Workspace Control version 10.3.10.0.

------------------------------------------------------------------------
Details
------------------------------------------------------------------------
https://www.securify.nl/advisory/SFY20180804/stored-credentials-ivanti-workspace-control-can-be-retrieved-from-registry.html
[Index of Archives]     [Linux Security]     [Netfilter]     [PHP]     [Yosemite News]     [Linux Kernel]

  Powered by Linux