| Title | SGS Intergard 8.7.0 SV: Exposing Confidential Information to an Unauthorized Actor in Register a User |
|---|
| Description | An adversary that is on the same network with virtual or physical access to the machine with the SGS Intergard 8.7.0 authenticated, can potentially obtain the username and password in plain text through a memory dump, of a newly registered user. This system is responsible for opening electronic locks, security safes remotely. Security tests were carried out by me at the request of a company that purchased the software for use in a financial environment, with the application's total security being extremely important.
Company website: https://www.intergard.com.br/ |
|---|
| Source | ⚠️ https://www.youtube.com/watch?v=Ee2KU-T_0pI |
|---|
| User | hiagomoura (UID 50347) |
|---|
| Submission | 07/11/2023 19:22 (3 years ago) |
|---|
| Moderation | 07/18/2023 21:30 (7 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 234447 [Intergard SGS 8.7.0 cleartext storage in memory] |
|---|
| Points | 17 |
|---|