Exploits / Vulnerability Discovered : 2018-09-12
Type : webapps
Platform : windows
This exploit / vulnerability, SynaMan 4.0 build 1488 SMTP credential disclosure, is for educational purposes only; if you use it, you do so at your own risk!
Description
-----------------------------------------------------------------
SynaMan 4.0 stores the password for its SMTP settings in cleartext, which would allow compromise of the email account.
Prerequisites
-----------------------------------------------------------------
Access to a system running SynaMan 4 using a low-privileged user account.
Proof of Concept
-----------------------------------------------------------------
The password for the SMTP email account is stored in plaintext in the AppConfig.xml configuration file. This file can be viewed by any local user of the system.
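A defender-side check for the condition described above, as an added example that is not part of the original advisory or the vendor's code: it walks an XML configuration and reports credential-like fields that hold non-empty values, without echoing the values. The AppConfig.xml schema is not shown in this advisory, so the sample document, its element and attribute names, and the name and blob heuristics are assumptions.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample. The advisory does not show the real AppConfig.xml
# schema, so every element and attribute name below is hypothetical.
SAMPLE_CONFIG = """<AppConfig>
  <smtp host="mail.example.test" port="587">
    <user>alerts@example.test</user>
    <password>Winter2018!</password>
  </smtp>
  <proxy proxyPwd="" />
  <storage secretKey="9f2c4e8a1b7d3f605c9e2a4b8d1f7c3e5a0b6d2f4c8e1a3b" />
</AppConfig>"""

# Field names that suggest a stored credential (heuristic, an assumption).
SECRET_NAME = re.compile(r"passw|pwd|secret", re.IGNORECASE)
# Long pure hex/base64 strings are treated as encoded, hashed or encrypted.
OPAQUE_BLOB = re.compile(r"[0-9a-fA-F]{20,}|[A-Za-z0-9+/]{20,}={0,2}")


def classify(value):
    """Label a value without revealing it."""
    return "opaque-blob" if OPAQUE_BLOB.fullmatch(value) else "likely-cleartext"


def audit_config(xml_text):
    """Return (location, label) pairs for non-empty credential-like fields."""
    findings = []

    def walk(elem, path):
        here = f"{path}/{elem.tag}"
        text = (elem.text or "").strip()
        if SECRET_NAME.search(elem.tag) and text:
            findings.append((here, classify(text)))
        for name, value in elem.attrib.items():
            if SECRET_NAME.search(name) and value.strip():
                findings.append((f"{here}/@{name}", classify(value.strip())))
        for child in elem:
            walk(child, here)

    walk(ET.fromstring(xml_text), "")
    return findings


if __name__ == "__main__":
    for location, label in audit_config(SAMPLE_CONFIG):
        print(f"{location}: {label} (value withheld)")
```

An opaque-blob label only means the value is not obviously human-readable; encoding is not encryption, so those fields still need review together with the file's access permissions.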
Timeline
---------------------------------------------------------------------
05-07-18: Vendor notified of vulnerabilities
05-08-18: Vendor responded and will fix
07-25-18: Vendor fixed in new release
09-12-18: Submitted public disclosure