N/A

Thomson Reuters UltraTax CS 2017 on Windows, in a client/server configuration, transfers customer records and bank account numbers in cleartext over SMBv2, which allows attackers to (1) obtain sensitive information by sniffing the network or (2) conduct man-in-the-middle (MITM) attacks via unspecified vectors. The customer record transferred in cleartext contains: Client ID, Full Name, Spouse's Full Name, Social Security Number, Spouse's Social Security Number, Occupation, Spouse's Occupation, Daytime Phone, Home Phone, Tax Preparer, Federal and State Taxes to File, Bank Name, Bank Account Number, and possibly other sensitive information.

N/A

N/A

Thompson Reuters UltraTax CS 2017 for Windows 安全漏洞

Thompson Reuters UltraTax CS 2017 for Windows是美国Thompson Reuters公司的一套基于Windows平台的自动化税务管理软件。该软件主要用于自动化管理企业或个人税务工作流程。 基于Windows平台的Thompson Reuters UltraTax CS 2017中存在安全漏洞，该漏洞源于程序通过SMBv2协议以明文的形式传递用户记录和银行账户号码。攻击者可利用该漏洞实施中间人攻击或获取敏感信息，例如：姓名、配偶姓名、社会安全号、出生日期、职业、家

N/A

N/A