CVE-2017-9615
Unknown
Last modified
CVE-2017-9615 is a vulnerability of currently unknown severity. Password exposure in Cognito Software Moneyworks 8.0.3 and earlier allows attackers to gain administrator access to all data, because verbose logging writes the administrator password to a world-readable file..
Description
Password exposure in Cognito Software Moneyworks 8.0.3 and earlier allows attackers to gain administrator access to all data, because verbose logging writes the administrator password to a world-readable file.
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Cognito | Moneyworks | <= 8.0.3 |
References
- http://cognito.co.nz/mwcommunity/viewtopic.php?f=1&t=3542Vendor Advisory
- https://gist.github.com/ari/e0dd74c12d84f102e3bcb365118e8c30Third Party Advisory, Vendor Advisory
- http://cognito.co.nz/mwcommunity/viewtopic.php?f=1&t=3542Vendor Advisory
- https://gist.github.com/ari/e0dd74c12d84f102e3bcb365118e8c30Third Party Advisory, Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2017-9615?
Password exposure in Cognito Software Moneyworks 8.0.3 and earlier allows attackers to gain administrator access to all data, because verbose logging writes the administrator password to a world-readable file.
How severe is CVE-2017-9615?
Severity scoring for CVE-2017-9615 is pending analysis.
How do I fix CVE-2017-9615?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.
Are you affected by CVE-2017-9615?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST