| عنوان | SecureAge CatchPulse 10.9.1 Authentication Bypass by Spoofing |
|---|
| الوصف | The saappctl.sys driver exposes an IOCTL handler that does not properly validate the calling process. There is a basic process path check, but this can be spoofed by modifying the process's PEB. By doing this, the IOCTL can be used to get a file handle and read any resources on the system including the SAM and SYSTEM registry hives. This driver allows an unprivileged user to dump user hashes or any other file on the system by getting a kernel handle on a given resource. |
|---|
| المصدر | ⚠️ https://vandalsuidaho-my.sharepoint.com/:w:/g/personal/higg2059_vandals_uidaho_edu/IQBo2bcYM-FJTpon1vC0En0vAS3OerOp4Nf0EeZIU4u9mgY?e=XAT64X |
|---|
| المستخدم | Jordanhiggins (UID 98250) |
|---|
| ارسال | 14/05/2026 12:43 AM (28 أيام منذ) |
|---|
| الاعتدال | 06/06/2026 06:06 PM (24 days later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 369078 [SecureAge CatchPulse حتى 10.9.3 IOCTL saappctl.sys الكشف عن المعلومات] |
|---|
| النقاط | 20 |
|---|