Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Intuit Lacerte 2017 for Windows in a client/server environment transfers the entire customer list in cleartext over SMB, which allows attackers to (1) obtain sensitive information by sniffing the network or (2) conduct man-in-the-middle (MITM) attacks via unspecified vectors. The customer list contains each customer's full name, social security number (SSN), address, job title, phone number, Email address, spouse's phone/Email address, and other sensitive information. After the client software authenticates to the server database, the server sends the customer list. There is no need for further exploitation as all sensitive data is exposed. This vulnerability was validated on Intuit Lacerte 2017, however older versions of Lacerte may be vulnerable.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Intuit Lacerte 2017 for Windows 安全漏洞
Vulnerability Description
Intuit Lacerte 2017 for Windows是美国Intuit公司的一套税务申报软件。该软件具有自动计算、自动诊断等特点。 基于Windows平台的Intuit Lacerte 2017中存在安全漏洞,该漏洞源于在客户端/服务器环境中,程序借助SMB以明文的形式传递整个用户列表(包含:用户全称、社会安全号、地址、职位等敏感信息)。攻击者可利用该漏洞获取敏感信息或实施中间人攻击。
CVSS Information
N/A
Vulnerability Type
N/A