Use of Hard-coded Credentials

CVE-2023-43870

High

8.1/10

Summary

When installing the Net2 software a root certificate is installed into the trusted store. A potential hacker could access the installer batch file or reverse engineer the source code to gain access to the root certificate password. Using the root certificate and password they could then create their own certificates to emulate another site. Then by establishing a proxy service to emulate the site they could monitor traffic passed between the end user and the site allowing access to the data content.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: HIGH
Scope: UNCHANGED
User Interaction: REQUIRED
Privileges Required: NONE
Confidentiality Impact: HIGH
Availability Impact: NONE

CWE-798 - Use of Hard-coded Credentials

The software contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.

References

Advisory Timeline

Published Dec 19, 2023

Use of Hard-coded Credentials

CVE-2023-43870

Summary

CWE-798 - Use of Hard-coded Credentials

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS