Luke Barone

1 exploit Active since Jul 2024
CVE-2024-41954 WRITEUP MEDIUM WRITEUP
fogproject 1.5.10-1.5.10.41 - Unauthenticated Sensitive Information Exposure via .fogsettings File
FOG is a cloning/imaging/rescue suite/inventory management system. The application stores plaintext service account credentials in the "/opt/fog/.fogsettings" file. This file is by default readable by all users on the host. By exploiting these credentials, a malicious user could create new accounts for the web application and much more. The vulnerability is fixed in 1.5.10.41.
CVSS 5.3