Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
TopQuadrant TopBraid EDG password manager stores external credentials insecurely
Vulnerability Description
TopQuadrant TopBraid EDG stores external credentials insecurely. An authenticated attacker with file system access can read edg-setup.properites and obtain the secret to decrypt external passwords stored in edg-vault.properties. An authenticated attacker could gain file system access using a separate vulnerability such as CVE-2024-45745. At least version 7.1.3 is affected. Version 7.3 adds HashiCorp Vault integration that does not store external passwords locally. Version 8.3.0 warns when using plain text secrets.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:N
Vulnerability Type
以可恢复格式存储口令
Vulnerability Title
TopQuadrant TopBraid EDG 安全漏洞
Vulnerability Description
TopQuadrant TopBraid EDG是TopQuadrant公司的一个知识图谱创建和管理工具。 TopQuadrant TopBraid EDG 7.1.3版本存在安全漏洞,该漏洞源于经过身份验证且具有文件系统访问权限的攻击者可以获取解密存储在edg-vault.properties中的外部密码的密钥。
CVSS Information
N/A
Vulnerability Type
N/A