Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for surelock windows by 42gears

    CVE-2023-2335 (GCVE-0-2023-2335)

    Vulnerability from nvd – Published: 2023-04-27 17:55 – Updated: 2025-01-30 20:54
    VLAI
    Title
    Plaintext Password in Registry
    Summary
    Plaintext Password in Registry vulnerability in 42gears surelock windows surelockwinsetupv2.40.0.Exe on Windows (Registery modules) allows Retrieve Admin user credentials This issue affects surelock windows: from 2.3.12 through 2.40.0.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-314 - Cleartext Storage in the Registry
    • CWE-312 - Cleartext Storage of Sensitive Information
    Assigner
    References
    Impacted products
    Vendor Product Version
    42gears surelock windows Affected: 2.3.12 , ≤ 2.40.0 (Patch)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T06:19:14.760Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.42gears.com/security-and-compliance/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-2335",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-30T20:54:37.364693Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-30T20:54:42.317Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://mars.42gears.com/support/inout/surelockwinsetupv2.40.0.exe",
              "defaultStatus": "unaffected",
              "modules": [
                "Registery"
              ],
              "packageName": "surelockwinsetupv2.40.0.exe",
              "platforms": [
                "Windows"
              ],
              "product": "surelock windows",
              "vendor": "42gears",
              "versions": [
                {
                  "lessThanOrEqual": "2.40.0",
                  "status": "affected",
                  "version": "2.3.12",
                  "versionType": "Patch"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\n\u003cspan style=\"background-color: transparent;\"\u003ePlaintext Password in Registry\u003c/span\u003e\n\n vulnerability in 42gears surelock windows surelockwinsetupv2.40.0.Exe on Windows (Registery modules) allows Retrieve \n\n\u003cspan style=\"background-color: transparent;\"\u003eAdmin user credentials\u003c/span\u003e\n\n\u003cp\u003eThis issue affects surelock windows: from 2.3.12 through 2.40.0.\u003c/p\u003e"
                }
              ],
              "value": "\nPlaintext Password in Registry\n\n vulnerability in 42gears surelock windows surelockwinsetupv2.40.0.Exe on Windows (Registery modules) allows Retrieve \n\nAdmin user credentials\n\nThis issue affects surelock windows: from 2.3.12 through 2.40.0.\n\n"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-37",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-37 Retrieve Embedded Sensitive Data"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-314",
                  "description": "CWE-314: Cleartext Storage in the Registry",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-312",
                  "description": "CWE-312 Cleartext Storage of Sensitive Information",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-04-27T17:57:35.096Z",
            "orgId": "e5d7a401-f4d6-4559-911a-da9b371cd8ce",
            "shortName": "42Gears"
          },
          "references": [
            {
              "url": "https://www.42gears.com/security-and-compliance/"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Plaintext Password in Registry",
          "workarounds": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Upgrade to \n2.41.0\n\n\u003cbr\u003e"
                }
              ],
              "value": "Upgrade to \n2.41.0\n\n\n"
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e5d7a401-f4d6-4559-911a-da9b371cd8ce",
        "assignerShortName": "42Gears",
        "cveId": "CVE-2023-2335",
        "datePublished": "2023-04-27T17:55:49.876Z",
        "dateReserved": "2023-04-27T09:46:47.715Z",
        "dateUpdated": "2025-01-30T20:54:42.317Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-2335 (GCVE-0-2023-2335)

    Vulnerability from cvelistv5 – Published: 2023-04-27 17:55 – Updated: 2025-01-30 20:54
    VLAI
    Title
    Plaintext Password in Registry
    Summary
    Plaintext Password in Registry vulnerability in 42gears surelock windows surelockwinsetupv2.40.0.Exe on Windows (Registery modules) allows Retrieve Admin user credentials This issue affects surelock windows: from 2.3.12 through 2.40.0.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-314 - Cleartext Storage in the Registry
    • CWE-312 - Cleartext Storage of Sensitive Information
    Assigner
    References
    Impacted products
    Vendor Product Version
    42gears surelock windows Affected: 2.3.12 , ≤ 2.40.0 (Patch)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T06:19:14.760Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.42gears.com/security-and-compliance/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-2335",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-30T20:54:37.364693Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-30T20:54:42.317Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://mars.42gears.com/support/inout/surelockwinsetupv2.40.0.exe",
              "defaultStatus": "unaffected",
              "modules": [
                "Registery"
              ],
              "packageName": "surelockwinsetupv2.40.0.exe",
              "platforms": [
                "Windows"
              ],
              "product": "surelock windows",
              "vendor": "42gears",
              "versions": [
                {
                  "lessThanOrEqual": "2.40.0",
                  "status": "affected",
                  "version": "2.3.12",
                  "versionType": "Patch"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\n\u003cspan style=\"background-color: transparent;\"\u003ePlaintext Password in Registry\u003c/span\u003e\n\n vulnerability in 42gears surelock windows surelockwinsetupv2.40.0.Exe on Windows (Registery modules) allows Retrieve \n\n\u003cspan style=\"background-color: transparent;\"\u003eAdmin user credentials\u003c/span\u003e\n\n\u003cp\u003eThis issue affects surelock windows: from 2.3.12 through 2.40.0.\u003c/p\u003e"
                }
              ],
              "value": "\nPlaintext Password in Registry\n\n vulnerability in 42gears surelock windows surelockwinsetupv2.40.0.Exe on Windows (Registery modules) allows Retrieve \n\nAdmin user credentials\n\nThis issue affects surelock windows: from 2.3.12 through 2.40.0.\n\n"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-37",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-37 Retrieve Embedded Sensitive Data"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-314",
                  "description": "CWE-314: Cleartext Storage in the Registry",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-312",
                  "description": "CWE-312 Cleartext Storage of Sensitive Information",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-04-27T17:57:35.096Z",
            "orgId": "e5d7a401-f4d6-4559-911a-da9b371cd8ce",
            "shortName": "42Gears"
          },
          "references": [
            {
              "url": "https://www.42gears.com/security-and-compliance/"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Plaintext Password in Registry",
          "workarounds": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Upgrade to \n2.41.0\n\n\u003cbr\u003e"
                }
              ],
              "value": "Upgrade to \n2.41.0\n\n\n"
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e5d7a401-f4d6-4559-911a-da9b371cd8ce",
        "assignerShortName": "42Gears",
        "cveId": "CVE-2023-2335",
        "datePublished": "2023-04-27T17:55:49.876Z",
        "dateReserved": "2023-04-27T09:46:47.715Z",
        "dateUpdated": "2025-01-30T20:54:42.317Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }