Texas Instruments Fusion Digital Power Designer 7.10.1 Credential Disclosure

2024.09.08

Credit: Gionathan Armando Reale

Risk: Medium

Local: No

Remote: Yes

CVE: CVE-2024-41629

CWE: N/A

Insufficiently Protected Credentials in Texas Instruments Fusion Digital Power Designer v.7.10.1
Credit: Gionathan Armando Reale
//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
# Product: Fusion Digital Power Designer - Version 7.10.1
# Vendor: Texas Instruments
# CVE ID: CVE-2024-41629
# Vulnerability Title: Insufficiently Protected Credentials
# Severity: Medium
# Author(s): Gionathan Armando Reale
# Date: 2024-08-15
#
#############################################################
Introduction:
An issue in Texas Instruments Fusion Digital Power Designer v.7.10.1 allows a local attacker to obtain sensitive information via the plaintext storage of credentials.
Vulnerability PoC:
1. Create a connection within the application that requires credentials.
2. Access the file "C:/Program Files (x86)/Texas Instruments/Fusion Digial Power Designer/data/prefs-shared.xml"
3. Notice the credentials stored as plaintext.
/////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Texas Instruments Fusion Digital Power Designer 7.10.1 Credential Disclosure

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.