Kaspersky has fixed the following security problem in the TinyCheck open source tool. The installation script of the tool contained hard-coded credentials for the tool's backend. An attacker could use this information to gain unauthorized access to remote data. The backend is user-specific and can be used to store the tool's configuration settings, such as Indicators of Compromise, and other information. Issue type: Information Disclosure.
List of affected products
TinyCheck without commits 9fd360d and ea53de8 from December 18th
Fixed versions
TinyCheck with commits 9fd360d and ea53de8 from December 18th
To update the tool to the latest commit/version, use the following command:
# cd /usr/share/tinycheck/ && bash update.sh
Acknowledgements
We would like to thank the security researchers from Sayfer who discovered this issue and responsibly reported it.