CVE-2021-34688
Severity CVSS v4.0:
Pending analysis
Type:
CWE-798
Use of Hard-coded Credentials
Publication date:
15/07/2021
Last modified:
12/07/2022
Description
iDrive RemotePC before 7.6.48 on Windows allows information disclosure. A locally authenticated attacker can read an encrypted version of the system's Personal Key in world-readable %PROGRAMDATA% log files. The encryption is done using a hard-coded static key and is therefore reversible by an attacker.
Impact
Base Score 3.x
3.30
Severity 3.x
LOW
Base Score 2.0
2.10
Severity 2.0
LOW
Vulnerable products and versions
CPE | From | Up to |
---|---|---|
cpe:2.3:a:idrive:remotepc:*:*:*:*:*:*:*:* | 7.6.48 (excluding) | |
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page