CVE-2018-14608 - OpenCVE

Thomson Reuters UltraTax CS 2017 on Windows has a password protection option; however, the level of protection might be inconsistent with some customers' expectations because the data is directly accessible in cleartext. Specifically, it stores customer data in unique directories (%install_path%\WinCSI\UT17DATA\client_ID\file_name.XX17) that can be bypassed without authentication by examining the strings of the .XX17 file. The strings stored in the .XX17 file contain each customer's: Full Name, Spouse's Name, Social Security Number, Date of Birth, Occupation, Home Address, Daytime Phone Number, Home Phone Number, Spouse's Address, Spouse's Daytime Phone Number, Spouse's Social Security Number, Spouse's Home Phone Number, Spouse's Occupation, Spouse's Date of Birth, and Spouse's Filing Status.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:N/C:P/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Microsoft	Windows
Thomsonreuters	Ultratax Cs

Configuration 1 [-]

AND

cpe:2.3:a:thomsonreuters:ultratax_cs:2017:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://corporateblue.com/ultratax-cs-data-exposure-vulnerability/
https://www.themikewylie.com/ultratax-cs-data-exposure-vulnerability-cve-2018-14608-cve-2018-14607/

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2018-07-26T22:00:00

Updated: 2024-08-05T09:29:51.707Z

Reserved: 2018-07-26T00:00:00

Link: CVE-2018-14608

Vulnrichment

No data.

NVD

Status : Modified

Published: 2018-07-26T22:29:00.273

Modified: 2024-02-14T01:17:43.863

Link: CVE-2018-14608

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2018-07-26T00:00:00", "descriptions": [{"lang": "en", "value": "Thomson Reuters UltraTax CS 2017 on Windows has a password protection option; however, the level of protection might be inconsistent with some customers' expectations because the data is directly accessible in cleartext. Specifically, it stores customer data in unique directories (%install_path%\\WinCSI\\UT17DATA\\client_ID\\file_name.XX17) that can be bypassed without authentication by examining the strings of the .XX17 file. The strings stored in the .XX17 file contain each customer's: Full Name, Spouse's Name, Social Security Number, Date of Birth, Occupation, Home Address, Daytime Phone Number, Home Phone Number, Spouse's Address, Spouse's Daytime Phone Number, Spouse's Social Security Number, Spouse's Home Phone Number, Spouse's Occupation, Spouse's Date of Birth, and Spouse's Filing Status."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-09-30T13:16:19", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://corporateblue.com/ultratax-cs-data-exposure-vulnerability/"}, {"tags": ["x_refsource_MISC"], "url": "https://www.themikewylie.com/ultratax-cs-data-exposure-vulnerability-cve-2018-14608-cve-2018-14607/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-14608", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Thomson Reuters UltraTax CS 2017 on Windows has a password protection option; however, the level of protection might be inconsistent with some customers' expectations because the data is directly accessible in cleartext. Specifically, it stores customer data in unique directories (%install_path%\\WinCSI\\UT17DATA\\client_ID\\file_name.XX17) that can be bypassed without authentication by examining the strings of the .XX17 file. The strings stored in the .XX17 file contain each customer's: Full Name, Spouse's Name, Social Security Number, Date of Birth, Occupation, Home Address, Daytime Phone Number, Home Phone Number, Spouse's Address, Spouse's Daytime Phone Number, Spouse's Social Security Number, Spouse's Home Phone Number, Spouse's Occupation, Spouse's Date of Birth, and Spouse's Filing Status."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://corporateblue.com/ultratax-cs-data-exposure-vulnerability/", "refsource": "MISC", "url": "https://corporateblue.com/ultratax-cs-data-exposure-vulnerability/"}, {"name": "https://www.themikewylie.com/ultratax-cs-data-exposure-vulnerability-cve-2018-14608-cve-2018-14607/", "refsource": "MISC", "url": "https://www.themikewylie.com/ultratax-cs-data-exposure-vulnerability-cve-2018-14608-cve-2018-14607/"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T09:29:51.707Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://corporateblue.com/ultratax-cs-data-exposure-vulnerability/"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.themikewylie.com/ultratax-cs-data-exposure-vulnerability-cve-2018-14608-cve-2018-14607/"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-14608", "datePublished": "2018-07-26T22:00:00", "dateReserved": "2018-07-26T00:00:00", "dateUpdated": "2024-08-05T09:29:51.707Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:thomsonreuters:ultratax_cs:2017:*:*:*:*:*:*:*", "matchCriteriaId": "2BE020BF-6F11-4D7C-B8DA-8A26639A4E8B", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Thomson Reuters UltraTax CS 2017 on Windows has a password protection option; however, the level of protection might be inconsistent with some customers' expectations because the data is directly accessible in cleartext. Specifically, it stores customer data in unique directories (%install_path%\\WinCSI\\UT17DATA\\client_ID\\file_name.XX17) that can be bypassed without authentication by examining the strings of the .XX17 file. The strings stored in the .XX17 file contain each customer's: Full Name, Spouse's Name, Social Security Number, Date of Birth, Occupation, Home Address, Daytime Phone Number, Home Phone Number, Spouse's Address, Spouse's Daytime Phone Number, Spouse's Social Security Number, Spouse's Home Phone Number, Spouse's Occupation, Spouse's Date of Birth, and Spouse's Filing Status."}, {"lang": "es", "value": "Thompson Reuters UltraTax CS 2017 en Windows tiene una opci\u00f3n de protecci\u00f3n con contrase\u00f1a; sin embargo, el nivel de protecci\u00f3n puede ser inconsistente con las expectativas de algunos clientes porque los datos son directamente accesibles en texto claro. De manera espec\u00edfica, almacena los datos de los clientes en directorios \u00fanicos (%install_path%\\WinCSI\\UT17DATA\\client_ID\\file_name.XX17) que pueden omitirse sin autenticaci\u00f3n examinando las cadenas del archivo .XX17. Las cadenas almacenadas en el archivo .XX17 contienen la siguiente informaci\u00f3n de cada cliente: Nombre completo, nombre del c\u00f3nyuge, n\u00famero de seguro social, fecha de nacimiento, ocupaci\u00f3n, domicilio, n\u00famero de tel\u00e9fono diurno, n\u00famero de tel\u00e9fono particular, direcci\u00f3n del c\u00f3nyuge, n\u00famero de tel\u00e9fono diurno del c\u00f3nyuge, n\u00famero de seguro social del c\u00f3nyuge, n\u00famero de tel\u00e9fono particular del c\u00f3nyuge, ocupaci\u00f3n del c\u00f3nyuge, fecha de nacimiento del c\u00f3nyuge y estado civil del c\u00f3nyuge."}], "id": "CVE-2018-14608", "lastModified": "2024-02-14T01:17:43.863", "metrics": {"cvssMetricV2": [{"acInsufInfo": true, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-07-26T22:29:00.273", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory", "URL Repurposed"], "url": "https://corporateblue.com/ultratax-cs-data-exposure-vulnerability/"}, {"source": "cve@mitre.org", "url": "https://www.themikewylie.com/ultratax-cs-data-exposure-vulnerability-cve-2018-14608-cve-2018-14607/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-311"}], "source": "nvd@nist.gov", "type": "Primary"}]}