[<prev] [next>] [day] [month] [year] [list]
Message-ID: <c1da2db3-51df-d132-8b17-d7c6cda03dcb@securify.nl>
Date: Mon, 1 Oct 2018 17:28:20 +0200
From: "Securify B.V. via Fulldisclosure" <fulldisclosure@...lists.org>
To: fulldisclosure@...lists.org
Subject: [FD] Stored credentials Ivanti Workspace Control can be retrieved
from Registry
------------------------------------------------------------------------
Stored credentials Ivanti Workspace Control can be retrieved from
Registry
------------------------------------------------------------------------
Yorick Koster, August 2018
------------------------------------------------------------------------
Abstract
------------------------------------------------------------------------
A flaw was found in Workspace Control that allows a local unprivileged
user to retrieve the database or Relay server credentials from the
Windows Registry. These credentials are encrypted, however the
encryption that is used is reversible.
------------------------------------------------------------------------
Tested versions
------------------------------------------------------------------------
This issue was successfully verified on Ivanti Workspace Control version
10.2.700.1 & 10.2.950.0.
------------------------------------------------------------------------
Fix
------------------------------------------------------------------------
This issue was resolved in Ivanti Workspace Control version 10.3.10.0.
------------------------------------------------------------------------
Details
------------------------------------------------------------------------
https://www.securify.nl/advisory/SFY20180804/stored-credentials-ivanti-workspace-control-can-be-retrieved-from-registry.html
_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/
Powered by blists - more mailing lists