header-logo
Suggest Exploit
vendor:
Autothenticate
by:
mSec
3.3
CVSS
MEDIUM
Weak Encryption
326
CWE
Product Name: Autothenticate
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: MacOS
2002

Autothenticate Weak Encryption Vulnerability

Autothenticate is an extension for MacOS that remembers usernames and passwords from visited websites, and atomatically enters them when the site is visited again. It can be configured to store the username and password, the username only, or nothing. It stores this information in encrypted form in a preference file called 'AutothenticatePreferences' located in the Preferences folder in the System Folder. The encryption mechanism used is weak and can be broken. This program, written by mSec, decrypts the Autothenticate information.

Mitigation:

Ensure that the encryption mechanism used is strong and cannot be broken.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/552/info

Autothenticate is an extension for MacOS that remembers usernames and passwords from visited websites, and atomatically enters them when the site is visited again. It can be configured to store the username and password, the username only, or nothing. It stores this information in encrypted form in a preference file called "AutothenticatePreferences" located in the Preferences folder in the System Folder. The encryption mechanism used is weak and can be broken. 

This program, written by mSec, decrypts the Autothenticate information. 

https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/19438.sit

Navigation

Suggest Exploit

Services By CQR