CVE-2020-13473: NCH Account-Clear Text Password Storage
Vulnerable Software: Express Account
Affected Version: 8.24 and prior
Vendor Homepage: https://www.nchsoftware.com/
CVE: CVE-2020-13473
CVE Author: Tejas Nitin Pingulkar
Exploit Available: Yes
About Affected Software
Express Accounts is professional business accounting software, perfect for small businesses needing to document and report on incoming and outgoing cash flow including sales, receipts, payments and purchases.
Additional Information
Express Accounts has functionality that allows it to be accessed over the web. While configuring the web access function, the application asks for user details such as username, password, email, etc. The application stores this information in “C:\ProgramData\NCH Software\ExpressAccounts\WebAccounts”.
Exploit
A low-privileged authenticated user can access the files stored in cleartext format in C:\ProgramData\NCH Software\ExpressAccounts\WebAccounts and obtain usernames and passwords.
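To check whether a given host has this exposure, a defender can audit which broad groups are allowed to read the directory and the files under it. The PowerShell script below is an added example, not part of the original advisory or any vendor tooling; the path is taken from the advisory, while the list of broad principals, the read mask and the function name Get-BroadReadAccess are assumptions made for illustration.

```powershell
# Added example: list broad groups that can read the Express Accounts web-access data.
# The path comes from the advisory; the SID list and output shape are assumptions.
$target = 'C:\ProgramData\NCH Software\ExpressAccounts\WebAccounts'

# Well-known SIDs for broad groups (locale-independent, unlike group names).
$broadSids = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-32-545' = 'BUILTIN\Users'
    'S-1-5-4'      = 'INTERACTIVE'
}

# ReadData (0x1) plus the raw GENERIC_ALL / GENERIC_READ bits, which can
# appear unmapped in the FileSystemRights value of some ACEs.
$readMask = 0x1 -bor 0x10000000 -bor 0x80000000

function Get-BroadReadAccess {
    param([Parameter(Mandatory)][string]$Path)
    $acl   = Get-Acl -LiteralPath $Path
    $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
    foreach ($rule in $rules) {
        $sid = $rule.IdentityReference.Value
        if ($rule.AccessControlType -eq 'Allow' -and
            $broadSids.ContainsKey($sid) -and
            (([int]$rule.PropagationFlags -band 2) -eq 0) -and   # skip inherit-only ACEs
            (([int]$rule.FileSystemRights -band $readMask) -ne 0)) {
            [pscustomobject]@{
                Path      = $Path
                Principal = $broadSids[$sid]
                Rights    = $rule.FileSystemRights
                Inherited = $rule.IsInherited
            }
        }
    }
}

if (Test-Path -LiteralPath $target) {
    # Check the directory itself and every file below it.
    $items    = @($target) + @(Get-ChildItem -LiteralPath $target -Recurse -Force -File | ForEach-Object FullName)
    $findings = foreach ($item in $items) { Get-BroadReadAccess -Path $item }
    if ($findings) { $findings | Format-Table -AutoSize } else { Write-Output "No broad read grants found on $target" }
} else {
    Write-Output "Path not found: $target"
}
```

The script reports Allow entries only and does not evaluate Deny entries or nested group membership, so an empty result should be confirmed by testing access from a standard user account.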
Proof Of Concept