CVE-2016-10104

Published Jan 23, 2017

Last updated 8 years ago

CVSS medium 5.9

Overview

Description: Information Disclosure can occur in sshProfiles.jsd in Hitek Software's Automize because of the Read attribute being set for Users. This allows an attacker to recover encrypted passwords for SSH/SFTP profiles. Verified in all 10.x versions up to and including 10.25, and all 11.x versions up to and including 11.14.
Source: cve@mitre.org
NVD status: Modified

Risk scores

CVSS 3.0

Type: Primary
Base score: 5.9
Impact score: 3.6
Exploitability score: 2.2
Vector string: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Severity: MEDIUM

CVSS 2.0

Type: Primary
Base score: 4.3
Impact score: 2.9
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:P/I:N/A:N

Weaknesses

nvd@nist.gov: CWE-326

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:hiteksoftware:automize:10.00:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3A7C2457-43EB-4486-A120-B7D459FC279B"
          },
          {
            "criteria": "cpe:2.3:a:hiteksoftware:automize:10.01:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "35EAE4F6-29CE-4D20-8567-2220905A4783"
          },
          {
            "criteria": "cpe:2.3:a:hiteksoftware:automize:10.02:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "722B055A-E157-46AA-9919-0BE7491B15E0"
          },
          {
            "criteria": "cpe:2.3:a:hiteksoftware:automize:10.03:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3913B250-2602-4943-A45E-407118445FBB"
          },
          {
            "criteria": "cpe:2.3:a:hiteksoftware:automize:10.04:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6727427E-834D-42A8-8182-2C5FDFE520C0"
          },
          {
            "criteria": "cpe:2.3:a:hiteksoftware:automize:10.05:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "052CF7DA-98F0-4390-8FAE-5AF5F42708EC"
          },
          {
            "criteria": "cpe:2.3:a:hiteksoftware:automize:10.06:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A83DAF2F-569D-433B-85E1-138AEADF4E0C"
          },
          {
            "criteria": "cpe:2.3:a:hiteksoftware:automize:10.07:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "42CC6578-8DFA-4500-AF77-9DC73834C8E8"
          },
          {
            "criteria": "cpe:2.3:a:hiteksoftware:automize:10.08:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7AC7B1FF-1FB4-423C-BD9D-75DD6B6E66E6"
          },
          {
            "criteria": "cpe:2.3:a:hiteksoftware:automize:10.09:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EEAC4542-BC4D-4DEA-8D7B-C750951E825F"
          },
          {
            "criteria": "cpe:2.3:a:hiteksoftware:automize:10.11:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "974AA5EF-9670-4DC6-89A2-DEDA3B3276D8"
          },
          {
            "criteria": "cpe:2.3:a:hiteksoftware:automize:10.12:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DA0C77C1-D835-4539-809C-1D6E805D40AD"
          },
          {
            "criteria": "cpe:2.3:a:hiteksoftware:automize:10.13:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E9FEEFF2-DB6B-472C-B2B7-C7C1D22DBA4C"
          },
          {
            "criteria": "cpe:2.3:a:hiteksoftware:automize:10.14:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DA79A04C-D25D-4D3E-B131-D4249EE0DA4F"
          },
          {
            "criteria": "cpe:2.3:a:hiteksoftware:automize:10.15:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "474F086B-D331-498F-9313-159BC005BB17"
          },
          {
            "criteria": "cpe:2.3:a:hiteksoftware:automize:10.16:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A17B080F-E6A3-4A3D-B600-22466C45C82C"
          },
          {
            "criteria": "cpe:2.3:a:hiteksoftware:automize:10.17:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A464860D-5D5D-4065-A7C6-BBE5DC9139D1"
          },
          {
            "criteria": "cpe:2.3:a:hiteksoftware:automize:10.18:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AF9197BC-92AB-4927-8805-494B39A2953A"
          },
          {
            "criteria": "cpe:2.3:a:hiteksoftware:automize:10.19:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1B27121A-7B58-4548-935F-57C1FF187EE6"
          },
          {
            "criteria": "cpe:2.3:a:hiteksoftware:automize:10.20:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "073ED514-E2CC-4D18-A9F4-9654E9161727"
          },
          {
            "criteria": "cpe:2.3:a:hiteksoftware:automize:10.21:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9D27D639-94D1-4BDE-AD4E-AEB37AFABCE4"
          },
          {
            "criteria": "cpe:2.3:a:hiteksoftware:automize:10.22:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "43826AA5-62A0-4452-8EC4-098982867CA1"
          },
          {
            "criteria": "cpe:2.3:a:hiteksoftware:automize:10.23:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DDEA6E6A-D111-4320-BF3A-E5B7CC397423"
          },
          {
            "criteria": "cpe:2.3:a:hiteksoftware:automize:10.24:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "63FADFB7-14A0-4C13-8853-40EACFBDBD85"
          },
          {
            "criteria": "cpe:2.3:a:hiteksoftware:automize:10.25:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3F80CAE4-2A0D-4805-AAC3-0FFD44D39F78"
          },
          {
            "criteria": "cpe:2.3:a:hiteksoftware:automize:11.00:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "61137963-5766-4F2E-B4A2-EDA5A4469720"
          },
          {
            "criteria": "cpe:2.3:a:hiteksoftware:automize:11.01:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C7682507-9EA1-468D-8D8C-7060F068EA61"
          },
          {
            "criteria": "cpe:2.3:a:hiteksoftware:automize:11.02:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BF9EAFEE-3A59-4350-903E-D46AC9185FFE"
          },
          {
            "criteria": "cpe:2.3:a:hiteksoftware:automize:11.03:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0CD5DD65-A3DB-4F3F-A8CE-DEF6185D5648"
          },
          {
            "criteria": "cpe:2.3:a:hiteksoftware:automize:11.04:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "00C18571-A34F-4B61-B7FA-3649E31BA513"
          },
          {
            "criteria": "cpe:2.3:a:hiteksoftware:automize:11.05:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7F7BE139-0DC5-4008-A974-D1A01E1758EC"
          },
          {
            "criteria": "cpe:2.3:a:hiteksoftware:automize:11.06:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "449AC115-FF3D-4D40-9D8A-8439625D3410"
          },
          {
            "criteria": "cpe:2.3:a:hiteksoftware:automize:11.07:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "84A099DF-F17F-47A3-A17E-C397445A3430"
          },
          {
            "criteria": "cpe:2.3:a:hiteksoftware:automize:11.08:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4E680BB2-8E4B-407E-813E-661D8880DF5C"
          },
          {
            "criteria": "cpe:2.3:a:hiteksoftware:automize:11.09:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0A1EF835-E571-4985-96DC-1703BF3F3BFC"
          },
          {
            "criteria": "cpe:2.3:a:hiteksoftware:automize:11.11:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E7C74206-9610-4725-8AB9-CEBD6213DD07"
          },
          {
            "criteria": "cpe:2.3:a:hiteksoftware:automize:11.12:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E4830A80-D9A8-48CB-B5AE-A36FB0BE7EB3"
          },
          {
            "criteria": "cpe:2.3:a:hiteksoftware:automize:11.13:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E3FC908B-E1A7-4ED8-B6D2-A46CE87B96A1"
          },
          {
            "criteria": "cpe:2.3:a:hiteksoftware:automize:11.14:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "90166099-D6E9-4346-9C24-1E2CB3FC2455"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.0

CVSS 2.0

Weaknesses

Social media

Configurations

References