关联漏洞
Description
Easywork Enterprise 2.1.3.354 is vulnerable to Cleartext Storage of Sensitive Information in Memory. The application leaves valid device-bound license keys in process memory after a failed activation attempt.
介绍
# CVE-2025-60791
CVE-2025-60791: Cleartext Storage of Sensitive Information in Memory.
Easywork Enterprise 2.1.3.354 is vulnerable to Cleartext Storage of Sensitive Information in Memory. The application leaves valid device-bound license keys in process memory after a failed activation attempt. The keys can be obtained by attaching a debugger or analyzing the process/memory dump and then they can be used to activate the software on the same machine without purchasing.
<img width="1626" height="649" alt="image" src="https://github.com/user-attachments/assets/2d02779e-6810-46ec-9e8e-fb09d155055a" />
<img width="950" height="598" alt="image" src="https://github.com/user-attachments/assets/6aaeb592-8c21-4197-afa4-8f860a91fd9e" />
文件快照
[4.0K] /data/pocs/185131451e9fb7bacc3da98bfc8174a57318ec33
└── [ 741] README.md
1 directory, 1 file
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮件到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对 POC 代码进行快照,为了长期维护,请考虑为本地 POC 付费/捐赠,感谢您的支持。