| Title | SGS Intergard: Exposing Confidential Information to an Unauthorized Actor in Changing a User Password |
|---|
| Description | An adversary being on the same network with virtual or physical access to the machine with the SGS Intergard authenticated, can potentially obtain the user and password in plain text through a memory dump, after the user has performed a password change. This system is responsible for opening electronic locks, security safes remotely. Security tests were carried out by me at the request of a company that bought the software for use in a financial environment, being extremely important the application's total security.
Company website: https://www.intergard.com.br/
|
|---|
| Source | ⚠️ https://www.youtube.com/watch?v=bMJwSCps0Lc |
|---|
| User | hiagomoura (UID 50347) |
|---|
| Submission | 07/11/2023 02:42 (3 years ago) |
|---|
| Moderation | 07/18/2023 21:30 (8 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 234446 [Intergard SGS 8.7.0 Password Change cleartext transmission] |
|---|
| Points | 17 |
|---|