Cleartext Storage of Sensitive Information in Memory in Easywork Enterprise

2025.10.23

Credit: Ivan

Risk: Medium

Local: No

Remote: Yes

CVE: N/A

CWE: N/A

Title: Cleartext Storage of Sensitive Information in Memory in Easywork Enterprise

Description: Easywork Enterprise 2.1.3.354 is vulnerable to Cleartext Storage of Sensitive Information in Memory. The application leaves valid device-bound license keys in process memory after a failed activation attempt. The keys can be obtained by attaching a debugger or analyzing the process/memory dump and then they can be used to activate the software on the same machine without purchasing.

Source URL: https://github.com/Smarttfoxx/CVE-2025-60791

Source Name/Email: Ivan Oliveira (smarttfoxx@proton.me)

CVEs: CVE-2025-60791

Software URL: http://easywork.co.id and https://sourceforge.net/projects/easyworkaccounting/

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Cleartext Storage of Sensitive Information in Memory in Easywork Enterprise

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.