ActivIdentity 8.2 ac.sharedstore Unquoted Service Path

2021.04.09
Credit: SamAlucard
Risk: Medium
Local: Yes
Remote: No
CVE: N/A
CWE: N/A

# Exploit Title: ActivIdentity 8.2 - 'ac.sharedstore' Unquoted Service Path # Exploit Author : SamAlucard # Exploit Date: 2021-03-21 # Software Version : ActivIdentity 8.2 # Vendor Homepage : https://www.hidglobal.com/ # Tested on OS: Windows 7 Pro # ActivIdentity was Acquired by HID Global in Octuber 2010 #ActivClient is a desktop authentication software that uses smarts cards and readers # for enterprise, government and commercial establishments #Analyze PoC : ============== C:\Users\DSAdsi>sc qc ac.sharedstore [SC] QueryServiceConfig CORRECTO NOMBRE_SERVICIO: ac.sharedstore TIPO : 10 WIN32_OWN_PROCESS TIPO_INICIO : 2 AUTO_START CONTROL_ERROR : 1 NORMAL NOMBRE_RUTA_BINARIO: C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe GRUPO_ORDEN_CARGA : SmartCardGroup ETIQUETA : 0 NOMBRE_MOSTRAR : ActivIdentity Shared Store Service DEPENDENCIAS : RPCSS NOMBRE_INICIO_SERVICIO: LocalSystem


Vote for this issue:
50%
50%

Comment it here.

Copyright 2025, cxsecurity.com

 

Back to Top