| Titolo | SGS Intergard: Exposing Confidential Information to an Unauthorized Actor in Changing a User Password |
|---|
| Descrizione | An adversary being on the same network with virtual or physical access to the machine with the SGS Intergard authenticated, can potentially obtain the user and password in plain text through a memory dump, after the user has performed a password change. This system is responsible for opening electronic locks, security safes remotely. Security tests were carried out by me at the request of a company that bought the software for use in a financial environment, being extremely important the application's total security.
Company website: https://www.intergard.com.br/
|
|---|
| Fonte | ⚠️ https://www.youtube.com/watch?v=bMJwSCps0Lc |
|---|
| Utente | hiagomoura (UID 50347) |
|---|
| Sottomissione | 11/07/2023 02:42 (3 anni fa) |
|---|
| Moderazione | 18/07/2023 21:30 (8 days later) |
|---|
| Stato | Accettato |
|---|
| Voce VulDB | 234446 [Intergard SGS 8.7.0 Password Change cifratura debole] |
|---|
| Punti | 17 |
|---|