Invia #829131: SecureAge CatchPulse 10.9.1 Authentication Bypass by Spoofinginformazioni

TitoloSecureAge CatchPulse 10.9.1 Authentication Bypass by Spoofing
DescrizioneThe saappctl.sys driver exposes an IOCTL handler that does not properly validate the calling process. There is a basic process path check, but this can be spoofed by modifying the process's PEB. By doing this, the IOCTL can be used to get a file handle and read any resources on the system including the SAM and SYSTEM registry hives. This driver allows an unprivileged user to dump user hashes or any other file on the system by getting a kernel handle on a given resource.
Fonte⚠️ https://vandalsuidaho-my.sharepoint.com/:w:/g/personal/higg2059_vandals_uidaho_edu/IQBo2bcYM-FJTpon1vC0En0vAS3OerOp4Nf0EeZIU4u9mgY?e=XAT64X
Utente
 Jordanhiggins (UID 98250)
Sottomissione14/05/2026 00:43 (2 mesi fa)
Moderazione06/06/2026 18:06 (24 days later)
StatoAccettato
Voce VulDB369078 [SecureAge CatchPulse fino a 10.9.3 IOCTL saappctl.sys rivelazione di informazioni]
Punti20

Do you want to use VulDB in your project?

Use the official API to access entries easily!