Description
Charactell - FormStorm Enterprise Account takeover – An attacker can modify (add, remove and update) passwords file for all the users. The xx_users.ini file in the FormStorm folder contains usernames in cleartext and an obfuscated password. Malicious user can take over an account by replacing existing password in the file.
CVSS breakdown
CVSS 3.1
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
Low
Availability
Low
Affected products
- Charactell / FormStorm EnterpriseFormStorm Enterprise version 9.00.065 9.00.065 – FormStorm Enterprise version 9.00.065 9.00.065
References
- VENDOR_ADVISORYhttps://www.gov.il/en/departments/faq/cve_advisories