ID:6412 - Exploit for Information disclosure in Password Vault Web Access - CVE-2018-9842

CSH
CYBERSECURITY HELP
Sign In REGISTER
 
Main Vulnerability Database Exploits ID:6412 - Exploit for Information disclosure in Password Vault Web Access - CVE-2018-9842

ID:6412 - Exploit for Information disclosure in Password Vault Web Access - CVE-2018-9842

Published: June 17, 2021


Vulnerability identifier: #VU11826
Vulnerability risk: Low
CVE-ID: CVE-2018-9842
CWE-ID: CWE-200
Exploitation vector: Remote access
Vulnerable software:
Password Vault Web Access

Link to public exploit:


Vulnerability description

The vulnerability allows a remote attacker to obtain potentially sensitive information.

The vulnerability exists due to improper information control. A remote attacker can send a specially crafted Logon request to cause the target service to return a response containing 49 bytes of potentially sensitive information from system memory.


Remediation

Update to versions 9.7 or 10.