iDrive RemotePC before 7.6.48 on Windows allows information disclosure. A locally authenticated attacker can read an encrypted version of the system's Personal Key in world-readable %PROGRAMDATA% log files. The encryption is done using a hard-coded static key and is therefore reversible by an attacker.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2021-07-15T13:17:46
Updated: 2024-08-04T00:19:47.954Z
Reserved: 2021-06-14T00:00:00
Link: CVE-2021-34688
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2021-07-15T14:15:20.370
Modified: 2022-07-12T17:42:04.277
Link: CVE-2021-34688
Redhat
No data.