Full Disclosure mailing list archives
Stored credentials Ivanti Workspace Control can be retrieved from Registry
From: "Securify B.V. via Fulldisclosure" <fulldisclosure () seclists org>
Date: Mon, 1 Oct 2018 17:28:20 +0200
------------------------------------------------------------------------ Stored credentials Ivanti Workspace Control can be retrieved from Registry ------------------------------------------------------------------------ Yorick Koster, August 2018 ------------------------------------------------------------------------ Abstract ------------------------------------------------------------------------ A flaw was found in Workspace Control that allows a local unprivileged user to retrieve the database or Relay server credentials from the Windows Registry. These credentials are encrypted, however the encryption that is used is reversible. ------------------------------------------------------------------------ Tested versions ------------------------------------------------------------------------ This issue was successfully verified on Ivanti Workspace Control version 10.2.700.1 & 10.2.950.0. ------------------------------------------------------------------------ Fix ------------------------------------------------------------------------ This issue was resolved in Ivanti Workspace Control version 10.3.10.0. ------------------------------------------------------------------------ Details ------------------------------------------------------------------------ https://www.securify.nl/advisory/SFY20180804/stored-credentials-ivanti-workspace-control-can-be-retrieved-from-registry.html _______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Current thread:
- Stored credentials Ivanti Workspace Control can be retrieved from Registry Securify B.V. via Fulldisclosure (Oct 01)