CVE-2018-10814

HIGH

Synametrics SynaMan 4.0 build 1488 - Insufficiently Protected SMTP Credentials

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2018-10814. PoCs published by bzyo.

AI-analyzed exploit summary This exploit details an information disclosure vulnerability in SynaMan 4.0 where SMTP passwords are stored in plaintext within the AppConfig.xml file, accessible to any local user. The PoC demonstrates the exposure of sensitive credentials without requiring exploitation code.

Description

Synametrics SynaMan 4.0 build 1488 uses cleartext password storage for SMTP credentials.

Exploits (1)

exploitdb WRITEUP

by bzyo · textwebappswindows

https://www.exploit-db.com/exploits/45387

View Code ZIP pw:eip

This exploit details an information disclosure vulnerability in SynaMan 4.0 where SMTP passwords are stored in plaintext within the AppConfig.xml file, accessible to any local user. The PoC demonstrates the exposure of sensitive credentials without requiring exploitation code.

Classification

Writeup 100%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: SynaMan 4.0 build 1488

No auth needed

Prerequisites: Local access to the system running SynaMan

MITRE ATT&CK

T1552.001 - Credentials In Files

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Core References

Third Party Advisory, VDB Entry x_refsource_misc

http://packetstormsecurity.com/files/149326/SynaMan-40-Build-1488-SMTP-Credential-Disclosure.html

Third Party Advisory, VDB Entry exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/45387/

Scores

CVSS v3 7.8

EPSS 0.0143

EPSS Percentile 69.5%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-522

Status published

Products (1)

synametrics/synaman 4.0

Published Sep 14, 2018

Tracked Since Feb 18, 2026