Vulnerability CVE-2024-36495
Published: 2024-06-24

Description:
The application Faronics WINSelect (Standard + Enterprise) saves its configuration in an encrypted file on the file system which "Everyone" has read and write access to, path to file:



C:\ProgramData\WINSelect\WINSelect.wsd

The path for the affected WINSelect Enterprise configuration file is:

C:\ProgramData\Faronics\StorageSpace\WS\WINSelect.wsd

See advisories in our WLB2 database:
Topic
Author
Date
Low
Faronics WINSelect Hardcoded Credentials / Bad Permissions / Unhashed Password
Daniel Hirschber...
26.06.2024

 References:
https://r.sec-consult.com/winselect
https://www.faronics.com/en-uk/document-library/document/winselect-standard-release-notes
Copyright 2024, cxsecurity.com

 

Back to Top