CVE-2021-27187 PoC — Sovremennye Delovye Tekhnologii FX Aggregator 安全漏洞

Source

https://github.com/jet-pentest/CVE-2021-27187

Associated Vulnerability

Title:Sovremennye Delovye Tekhnologii FX Aggregator 安全漏洞 (CVE-2021-27187)
Description:Sovremennye Delovye Tekhnologii FX 存在安全漏洞，该漏洞源于登录时以明文形式存储认证凭据。

Readme

# CVE-2021-27187

## [Suggested description]
The FX Aggregator terminal client by "Sovremennye Delovye Tekhnologii" stores authentication credentials in cleartext in login.sav when the Save Password box is checked.

## [VulnerabilityType Other]
CWE-522 Insufficiently Protected Credentials

## [Vendor of Product]
OOO Sovremennye Delovye Tekhnologii

## [Affected Product Code Base]
Fx-agreggator terminal client - 1

## [Affected Component]
affected file "login.sav"

## [Impact Information Disclosure]
true

## [Has vendor confirmed or acknowledged the vulnerability?] 
true

## [Discoverer]
Maria Kononova (Jet Infosystems, jet.su)

## [Reference]
https://sdt-fx.ru/

File Snapshot


 [4.0K]  /data/pocs/b17b68448565f394fcac449140d584739166d5f3
└── [ 670]  README.md

0 directories, 1 file

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!