FKIE_CVE-2018-14608

Vulnerability from fkie_nvd - Published: 2018-07-26 22:29 - Updated: 2024-11-21 03:49
Severity ?
7.5 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
Thomson Reuters UltraTax CS 2017 on Windows has a password protection option; however, the level of protection might be inconsistent with some customers' expectations because the data is directly accessible in cleartext. Specifically, it stores customer data in unique directories (%install_path%\WinCSI\UT17DATA\client_ID\file_name.XX17) that can be bypassed without authentication by examining the strings of the .XX17 file. The strings stored in the .XX17 file contain each customer's: Full Name, Spouse's Name, Social Security Number, Date of Birth, Occupation, Home Address, Daytime Phone Number, Home Phone Number, Spouse's Address, Spouse's Daytime Phone Number, Spouse's Social Security Number, Spouse's Home Phone Number, Spouse's Occupation, Spouse's Date of Birth, and Spouse's Filing Status.
References
cve@mitre.orghttps://corporateblue.com/ultratax-cs-data-exposure-vulnerability/Exploit, Third Party Advisory, URL Repurposed
cve@mitre.orghttps://www.themikewylie.com/ultratax-cs-data-exposure-vulnerability-cve-2018-14608-cve-2018-14607/
af854a3a-2127-422b-91ae-364da2661108https://corporateblue.com/ultratax-cs-data-exposure-vulnerability/Exploit, Third Party Advisory, URL Repurposed
af854a3a-2127-422b-91ae-364da2661108https://www.themikewylie.com/ultratax-cs-data-exposure-vulnerability-cve-2018-14608-cve-2018-14607/
Impacted products
Vendor Product Version
thomsonreuters ultratax_cs 2017
microsoft windows -
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:thomsonreuters:ultratax_cs:2017:*:*:*:*:*:*:*",
              "matchCriteriaId": "2BE020BF-6F11-4D7C-B8DA-8A26639A4E8B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Thomson Reuters UltraTax CS 2017 on Windows has a password protection option; however, the level of protection might be inconsistent with some customers\u0027 expectations because the data is directly accessible in cleartext. Specifically, it stores customer data in unique directories (%install_path%\\WinCSI\\UT17DATA\\client_ID\\file_name.XX17) that can be bypassed without authentication by examining the strings of the .XX17 file. The strings stored in the .XX17 file contain each customer\u0027s: Full Name, Spouse\u0027s Name, Social Security Number, Date of Birth, Occupation, Home Address, Daytime Phone Number, Home Phone Number, Spouse\u0027s Address, Spouse\u0027s Daytime Phone Number, Spouse\u0027s Social Security Number, Spouse\u0027s Home Phone Number, Spouse\u0027s Occupation, Spouse\u0027s Date of Birth, and Spouse\u0027s Filing Status."
    },
    {
      "lang": "es",
      "value": "Thompson Reuters UltraTax CS 2017 en Windows tiene una opci\u00f3n de protecci\u00f3n con contrase\u00f1a; sin embargo, el nivel de protecci\u00f3n puede ser inconsistente con las expectativas de algunos clientes porque los datos son directamente accesibles en texto claro. De manera espec\u00edfica, almacena los datos de los clientes en directorios \u00fanicos (%install_path%\\WinCSI\\UT17DATA\\client_ID\\file_name.XX17) que pueden omitirse sin autenticaci\u00f3n examinando las cadenas del archivo .XX17. Las cadenas almacenadas en el archivo .XX17 contienen la siguiente informaci\u00f3n de cada cliente: Nombre completo, nombre del c\u00f3nyuge, n\u00famero de seguro social, fecha de nacimiento, ocupaci\u00f3n, domicilio, n\u00famero de tel\u00e9fono diurno, n\u00famero de tel\u00e9fono particular, direcci\u00f3n del c\u00f3nyuge, n\u00famero de tel\u00e9fono diurno del c\u00f3nyuge, n\u00famero de seguro social del c\u00f3nyuge, n\u00famero de tel\u00e9fono particular del c\u00f3nyuge, ocupaci\u00f3n del c\u00f3nyuge, fecha de nacimiento del c\u00f3nyuge y estado civil del c\u00f3nyuge."
    }
  ],
  "id": "CVE-2018-14608",
  "lastModified": "2024-11-21T03:49:24.390",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": true,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-07-26T22:29:00.273",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "URL Repurposed"
      ],
      "url": "https://corporateblue.com/ultratax-cs-data-exposure-vulnerability/"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.themikewylie.com/ultratax-cs-data-exposure-vulnerability-cve-2018-14608-cve-2018-14607/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "URL Repurposed"
      ],
      "url": "https://corporateblue.com/ultratax-cs-data-exposure-vulnerability/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.themikewylie.com/ultratax-cs-data-exposure-vulnerability-cve-2018-14608-cve-2018-14607/"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-311"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.