CVE-2017-9615

EUVD-2017-18546
Password exposure in Cognito Software Moneyworks 8.0.3 and earlier allows attackers to gain administrator access to all data, because verbose logging writes the administrator password to a world-readable file.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 51%
Affected Products (NVD)
VendorProductVersion
cognitomoneyworks
𝑥
≤ 8.0.3
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://cognito.co.nz/mwcommunity/viewtopic.php?f=1&t=3542
https://gist.github.com/ari/e0dd74c12d84f102e3bcb365118e8c30
http://cognito.co.nz/mwcommunity/viewtopic.php?f=1&t=3542
https://gist.github.com/ari/e0dd74c12d84f102e3bcb365118e8c30