PCSecure V5.0.8.xw - Use of Hard-coded Credentials in configuration files leads to admin panel access
Vendor: PCTechSoft SAS
Product: PCSecure
Affected version(s): 5.0.8.xw
CodeName: PapiQuieroPollo00
Type: Use of Hard-coded Credentials (CWE-798)
CVSSv3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSSv3.1 Base Score: 7.8 (High)
Exploit available: No
CVE ID: CVE-2022-42176
The configuration file (system.bmp) in PCSecure V5.0.8.xw stores the credentials for access to admin panel in plain text, which allows a local user without privileges to login in as administrator and execute commands as windows local admin or reduce security control via reading the file from Chrome or Firefox.
-
Read the file system.bmp from Chrome using the following URI: "view-source:file:///C:/Archivos%20de%20programa/ARCHIVOS%20COMUNES/CONFIG/system.bmp"
-
Identify the password for each user. The first line contains all the usernames separed by "*", the second line contains the password for each username.
-
Launch PCSecure admin panel. Press Ctrl + Mayus + P or Execute "C:\archivos de programa\personal\pcsecure" or launch from windows Start menu.
-
Login as Admin
-
Change security profile and execute any command
Windows 7
There is no exploit for the vulnerability but can be manually exploited.
There is currently no patch available for this vulnerability.
The vulnerability was discovered by Oreocato aka Miguel Chaparro Pedraza
Vendor page: https://www.pctechsoft.net
2019-09-07: Vulnerability discovered.
2019-09-07: Vendor contacted.
2022-09-28: Public Disclosure.
2022-10-20: CVE ID assigned