ActivIdentity 8.2 ac.sharedstore Unquoted Service Path

2021.04.09
Credit: SamAlucard
Risk: Medium
Local: Yes
Remote: No
CVE: N/A
CWE: N/A

# Exploit Title: ActivIdentity 8.2 - 'ac.sharedstore' Unquoted Service Path # Exploit Author : SamAlucard # Exploit Date: 2021-03-21 # Software Version : ActivIdentity 8.2 # Vendor Homepage : https://www.hidglobal.com/ # Tested on OS: Windows 7 Pro # ActivIdentity was Acquired by HID Global in Octuber 2010 #ActivClient is a desktop authentication software that uses smarts cards and readers # for enterprise, government and commercial establishments #Analyze PoC : ============== C:\Users\DSAdsi>sc qc ac.sharedstore [SC] QueryServiceConfig CORRECTO NOMBRE_SERVICIO: ac.sharedstore TIPO : 10 WIN32_OWN_PROCESS TIPO_INICIO : 2 AUTO_START CONTROL_ERROR : 1 NORMAL NOMBRE_RUTA_BINARIO: C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe GRUPO_ORDEN_CARGA : SmartCardGroup ETIQUETA : 0 NOMBRE_MOSTRAR : ActivIdentity Shared Store Service DEPENDENCIAS : RPCSS NOMBRE_INICIO_SERVICIO: LocalSystem


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top