All versions of the TWinSoft Configuration Tool store encrypted passwords as plaintext in memory. An attacker with access to system files could open a file to load the document into memory, including sensitive information associated with document, such as password. The attacker could then obtain the plaintext password by using a memory viewer.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: icscert
Published: 2023-07-03T20:04:17.653Z
Updated: 2024-08-02T06:55:03.225Z
Reserved: 2023-06-23T20:42:39.795Z
Link: CVE-2023-3395
Vulnrichment
No data.
NVD
Status : Modified
Published: 2023-07-03T21:15:10.107
Modified: 2023-11-07T04:18:40.710
Link: CVE-2023-3395
Redhat
No data.