Missing Encryption of Sensitive Data

CVE-2023-23371

Medium

5.2/10

Summary

A cleartext transmission of sensitive information vulnerability has been reported to affect QVPN Device Client. If exploited, the vulnerability could allow local authenticated administrators to read sensitive data via unspecified vectors. We have already fixed the vulnerability in the following version: QVPN Windows 2.2.0.0823 and later

Attack Complexity: LOW
Attack Vector: LOCAL
Integrity Impact: LOW
Scope: CHANGED
User Interaction: REQUIRED
Privileges Required: HIGH
Confidentiality Impact: LOW
Availability Impact: LOW

CWE-311 - Missing Encryption of Sensitive Data

The software does not encrypt sensitive or critical information before storage or transmission.

References

Advisory Timeline

Published Oct 06, 2023

Missing Encryption of Sensitive Data

CVE-2023-23371

Summary

CWE-311 - Missing Encryption of Sensitive Data

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS