Description
Information disclosure can occur in sshProfiles.jsd in Hitek Software's Automize because the Read attribute is set for Users. This allows an attacker to recover encrypted passwords for SSH/SFTP profiles. Verified in all 10.x versions up to and including 10.25, and all 11.x versions up to and including 11.14.
References (2)
Core References
Third Party Advisory, VDB Entry (vdb-entry, x_refsource_bid): http://www.securityfocus.com/bid/96845
Third Party Advisory (x_refsource_misc): https://rastamouse.me/guff/2016/automize/
Scores
CVSS v3: 5.9
EPSS: 0.0057
EPSS Percentile: 42.7%
Attack Vector: NETWORK
Vector String: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
CWE: CWE-326
Status: published
Products (39)
hiteksoftware/automize: 10.00, 10.01, 10.02, 10.03, 10.04, 10.05, 10.06, 10.07, 10.08, 10.09
... and 29 more
Published: Jan 23, 2017
Tracked Since: Feb 18, 2026