CVE-2021-34688

Severity CVSS v4.0:
Pending analysis
Type:
CWE-798 Use of Hard-coded Credentials
Publication date:
15/07/2021
Last modified:
12/07/2022

Description

iDrive RemotePC before 7.6.48 on Windows allows information disclosure. A locally authenticated attacker can read an encrypted version of the system's Personal Key in world-readable %PROGRAMDATA% log files. The encryption is done using a hard-coded static key and is therefore reversible by an attacker.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:idrive:remotepc:*:*:*:*:*:*:*:* 7.6.48 (excluding)
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*