CVE-2017-15918

HIGH

Sera 1.2 - Insufficiently Protected Credentials via Plain Text Password Storage

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2017-15918: a PoC published by Mark Wadham.

AI-analyzed exploit summary: the PoC is a local privilege escalation against SeraOSX. It reads the user's plaintext password from the application's configuration file, passes it to sudo, and uses that to modify the sudoers file, granting root access.

Description

Sera 1.2 stores the user's login password in plain text in their home directory. This makes privilege escalation trivial and also exposes the user and system keychains to local attacks.
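The practical check for this class of bug (CWE-522) is to look for the condition the description names: a password-like key assigned in plain text in a file under the user's home directory. The script below is an added audit helper written for this page; it is not Sera's code and not the exploit-db PoC. The directory name `.sera-example/config`, the key/value syntax it recognises, the `--demo` flag and the sample files are assumptions, since the page does not give Sera's real config path or format.

```shell
#!/bin/sh
# Added audit helper (not Sera's code, not the exploit-db PoC). It looks for
# the condition CVE-2017-15918 describes: a login password stored in plain
# text in a file under the user's home directory. File names, key names and
# the --demo flag are ASSUMED for illustration.

# Key/value line assigning a non-empty value to a password-like key. Matches
# INI style ("password = s3cret"), YAML style ("passwd: s3cret") and JSON
# style ("password": "s3cret").
CRED_RE='^[[:space:]]*"?(password|passwd|pass)"?[[:space:]]*[=:][[:space:]]*"?[^"[:space:]]+'

# Print the paths of regular files under DIR (at most 3 levels deep) that
# contain such a line. Exit 0 if at least one was found, 1 otherwise.
find_plaintext_credentials() {
  hits=$(find "$1" -maxdepth 3 -type f -exec grep -l -i -E "$CRED_RE" {} + 2>/dev/null || true)
  [ -n "$hits" ] || return 1
  printf '%s\n' "$hits"
}

# Print the value from the first matching line in FILE: what any process
# running as the user can read and hand to sudo.
extract_password() {
  grep -i -E -m1 "$CRED_RE" "$1" |
    sed -E 's/^[^=:]*[=:][[:space:]]*//; s/^"([^"]*)".*/\1/; s/[[:space:]]*$//'
}

# Build a throwaway "home directory" of CONSTRUCTED sample files and print
# its path. Only .sera-example/config is the weak case; the other two files
# are controls that must not be flagged.
make_sample_home() {
  home=$(mktemp -d)
  mkdir -p "$home/.sera-example" "$home/.ssh"
  printf 'username = alice\npassword = hunter2-plaintext\n' > "$home/.sera-example/config"
  printf 'Host *\n  ServerAliveInterval 60\n' > "$home/.ssh/config"
  printf '{"service": "example", "token_ref": "keychain:com.example"}\n' > "$home/.example.json"
  printf '%s\n' "$home"
}

# Stand-alone run: audit the constructed home and show the recovered value.
if [ "${1:-}" = "--demo" ]; then
  h=$(make_sample_home)
  if files=$(find_plaintext_credentials "$h"); then
    printf '%s\n' "$files" | while IFS= read -r f; do
      printf 'PLAINTEXT CREDENTIAL: %s -> %s\n' "$f" "$(extract_password "$f")"
    done
  else
    echo "no plaintext credentials found under $h"
  fi
  rm -rf "$h"
fi
```

Run it with `sh audit.sh --demo` to see the constructed case, or point `find_plaintext_credentials` at `$HOME` on a real machine. The regex is a heuristic: it misses binary plists (convert with `plutil -convert xml1` first) and can flag unrelated keys, so confirm a hit before reporting it; `printf '%s\n' "$pw" | sudo -S -v` checks whether sudo accepts the recovered value without changing anything, which is exactly the property the PoC's sudo step depends on (run `sudo -k` afterwards to drop the cached ticket). The fix on macOS is to keep the secret in the Keychain (`security add-generic-password`) rather than in a file the user's own processes can read.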

Exploits (1)

exploitdb · WORKING POC
by Mark Wadham · bash · local · macos
https://www.exploit-db.com/exploits/43221


Classification
Working PoC: 100%
Attack type: LPE
Complexity: Trivial
Reliability: Reliable
Target: SeraOSX 1.2
Auth required: yes
Prerequisites: User must have used SeraOSX and have the configuration file present · User must have sudo privileges
Analyzed by devstral-2 on Feb 16, 2026

References (2)

Core references (2)
https://www.exploit-db.com/exploits/43221/
Tags: Exploit, Third Party Advisory, VDB Entry · exploit · x_refsource_exploit-db

Scores

CVSS v3: 7.8 (High)
CVSS vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack vector: Local
EPSS: 0.0115 (1.15%)
EPSS percentile: 62.8%

Details

CWE: CWE-522 (Insufficiently Protected Credentials)
Status: published
Products (1): ignitum/sera 1.2 (2 CPE variants)
Published: Nov 01, 2017
Tracked since: Feb 18, 2026