CVE-2024-24272 in DualSafe Password Manager & Digital Vaultinfo

Summary

by MITRE • 03/22/2024

An issue in iTop DualSafe Password Manager & Digital Vault before 1.4.24 allows a local attacker to obtain sensitive information via leaked credentials as plaintext in a log file that can be accessed by the local user without knowledge of the master secret.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Analysis

by VulDB Data Team • 03/28/2025

The vulnerability identified as CVE-2024-24272 affects iTop DualSafe Password Manager & Digital Vault versions prior to 1.4.24 and represents a critical information disclosure flaw that undermines the security posture of the application. This issue stems from improper handling of sensitive data within the application's logging mechanisms, creating a scenario where plaintext credentials become accessible to local users who should not have such privileges. The vulnerability manifests when the application logs sensitive information in plaintext format within log files that remain accessible to any user account on the system, effectively removing the protection that should be provided by the master secret mechanism.

The technical implementation of this flaw involves the application's logging subsystem failing to properly sanitize or encrypt sensitive credential data before writing it to persistent storage. When users interact with the password manager, particularly during authentication or credential management operations, the system writes plaintext representations of passwords and other sensitive information to log files. These log files are typically stored in locations that are accessible to local users with standard system privileges, creating an attack surface that allows unauthorized individuals to access credential information without needing to bypass the master secret protection. The vulnerability directly violates security principles related to least privilege access and proper data sanitization, as the application fails to implement adequate access controls or encryption measures for sensitive logging data.

From an operational perspective, this vulnerability creates significant risk for organizations that rely on iTop DualSafe for credential management, as it essentially nullifies the protection mechanisms that the application is designed to provide. Local attackers who gain access to the system can easily extract plaintext credentials from log files, potentially gaining access to multiple accounts and systems that were previously protected by the password manager. The impact extends beyond simple credential theft, as attackers can leverage these credentials to escalate privileges, move laterally within networks, and potentially gain access to additional systems that rely on the compromised credentials. This vulnerability particularly affects environments where multiple users share the same system or where system administrators do not properly secure log file permissions, creating a persistent threat vector that remains active until the software is properly updated.

The mitigation strategy for CVE-2024-24272 requires immediate deployment of the vendor-provided patch or update to version 1.4.24, which addresses the logging mechanism to prevent plaintext credential exposure. Organizations should conduct comprehensive inventory checks to identify all systems running affected versions of the software and ensure that all instances are updated promptly. Additionally, system administrators should review and tighten log file permissions to ensure that sensitive information cannot be accessed by unauthorized local users, implementing proper access controls and monitoring mechanisms. The vulnerability aligns with CWE-312 (Cleartext Storage of Sensitive Information) and represents a failure in secure logging practices that should be addressed through proper configuration management and security hardening procedures. This issue also maps to ATT&CK technique T1562.001 (Impair Defenses: Disable or Modify Tools) as attackers could potentially use the leaked credentials to disable or modify security tools, and T1078 (Valid Accounts) as the compromised credentials could be used to maintain persistence within the environment.

Reservation

01/25/2024

Disclosure

03/22/2024

Moderation

accepted

CPE

ready

EPSS

0.00236

KEV

no

Activities

very low

Sources

Want to stay up to date on a daily basis?

Enable the mail alert feature now!