CVE-2024-36495
Read/Write Permissions for Everyone on Configuration File
We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.
Please see our statement on Data Privacy.
Read/Write Permissions for Everyone on Configuration File
The application Faronics WINSelect (Standard + Enterprise) saves its configuration in an encrypted file on the file system which "Everyone" has read and write access to, path to file: C:\ProgramData\WINSelect\WINSelect.wsd The path for the affected WINSelect Enterprise configuration file is: C:\ProgramData\Faronics\StorageSpace\WS\WINSelect.wsd
Reserved 2024-05-29 | Published 2024-06-24 | Updated 2025-02-13 | Assigner SEC-VLabCWE-276 Incorrect Default Permissions
Daniel Hirschberger | SEC Consult Vulnerability Lab
r.sec-consult.com/winselect
www.faronics.com/...ocument/winselect-standard-release-notes
seclists.org/fulldisclosure/2024/Jun/12
Support options
