CVE-2023-2335

Summary

Plaintext Password in Registry

vulnerability in 42gears surelock windows surelockwinsetupv2.40.0.Exe on Windows (Registery modules) allows Retrieve

Admin user credentials

This issue affects surelock windows: from 2.3.12 through 2.40.0.

Affected Software

VendorProductVersion RangeStatus
42gearssurelock windows2.3.12 <= 2.40.0affected

Weaknesses

  • CWE-314: CWE-314: Cleartext Storage in the Registry
  • CWE-312: CWE-312 Cleartext Storage of Sensitive Information

Workarounds

Upgrade to 2.41.0

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References