Description
Information Disclosure can occur in encryptionProfiles.jsd in Hitek Software's Automize because of the Read attribute being set for Users. This allows an attacker to recover encrypted passwords for GPG Encryption profiles. Verified in all 10.x versions up to and including 10.25, and all 11.x versions up to and including 11.14.
References (2)
Core References
https://rastamouse.me/guff/2016/automize/ (Third Party Advisory; x_refsource_misc)
http://www.securityfocus.com/bid/96850 (Third Party Advisory, VDB Entry; vdb-entry, x_refsource_bid)
Scores
CVSS v3: 8.1
EPSS: 0.0037
EPSS Percentile: 28.2%
Attack Vector: NETWORK
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE: CWE-255, CWE-326
Status: published
Products (39)
hiteksoftware/automize 10.00
hiteksoftware/automize 10.01
hiteksoftware/automize 10.02
hiteksoftware/automize 10.03
hiteksoftware/automize 10.04
hiteksoftware/automize 10.05
hiteksoftware/automize 10.06
hiteksoftware/automize 10.07
hiteksoftware/automize 10.08
hiteksoftware/automize 10.09
... and 29 more
Published: Jan 23, 2017
Tracked Since: Feb 18, 2026