CVE-2024-45744

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-45744
TopQuadrant TopBraid EDG stores external credentials insecurely. An authenticated attacker with file system access can read edg-setup.properites and obtain the secret to decrypt external passwords stored in edg-vault.properties. An authenticated attacker could gain file system access using a separate vulnerability such as CVE-2024-45745. At least version 7.1.3 is affected. Version 7.3 adds HashiCorp Vault integration that does not store external passwords locally.

3.0 /10

CVSS v3 : LOW

V3 Legend

Vector :

Exploitability : 1.3 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope CHANGED

References
Link Resource
https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2024/va-24-254-02.json
https://www.topquadrant.com/doc/latest/administrator_guide/edg_installation_and_authentication/hashicorp_integration.html
https://www.topquadrant.com/doc/latest/reference/PasswordManagementAdminPage.html
https://www.topquadrant.com/release-note/7-3/
Configurations

No configuration.

History

30 Sep 2024, 12:45

Type Values Removed Values Added
Summary
  • (es) TopQuadrant TopBraid EDG almacena credenciales externas de forma insegura. Un atacante autenticado con acceso al sistema de archivos puede leer edg-setup.properites y obtener el secreto para descifrar las contraseñas externas almacenadas en edg-vault.properties. Un atacante autenticado podría obtener acceso al sistema de archivos utilizando una vulnerabilidad independiente como CVE-2024-45745. Al menos la versión 7.1.3 está afectada. La versión 7.3 agrega la integración de HashiCorp Vault que no almacena las contraseñas externas de forma local.

27 Sep 2024, 17:15

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 3.0
Summary (en) TopQuadrant TopBraid EDG stores external credentials insecurely. An authenticated attacker with file system access can read edg-setup.properites and obtain the secret to decrypt external passwords stored in edg-vault.properties. An authenticated attacker could gain file system access using a separate vulnerability such as CVE-2024-45745. At least version 7.1.3 is affected. Version 7.3 adds HashiCorp Vault integration that does not store external passwords locally. (en) TopQuadrant TopBraid EDG stores external credentials insecurely. An authenticated attacker with file system access can read edg-setup.properites and obtain the secret to decrypt external passwords stored in edg-vault.properties. An authenticated attacker could gain file system access using a separate vulnerability such as CVE-2024-45745. At least version 7.1.3 is affected. Version 7.3 adds HashiCorp Vault integration that does not store external passwords locally.

27 Sep 2024, 16:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-09-27 16:15

Updated : 2024-09-30 12:45

NVD link : CVE-2024-45744

Mitre link : CVE-2024-45744

CVE.ORG link : CVE-2024-45744

JSON object : View

Products Affected

No product.

CWE
CWE-257

Storing Passwords in a Recoverable Format


NetmanageIT Website NetmanageIT OSINT Web NetmanageIT OpenCTI NetmanageIT PDF Tools NetmanageIT CTO Corner Blog NetmanageIT Email Header Analyzer NetmanageIT Password Pusher NetmanageIT Internet Health and Latency Dashboard NetmanageIT Dedicated Speed Test Site NetmanageIT Ubuntu Mirror 10Gbps Copyright OpenCVE 2024