vendor:
Password Reminder
by:
iqlusion
7.5
CVSS
HIGH
Authentication Bypass
287
CWE
Product Name: Password Reminder
Affected Version From: 1.0.0.1
Affected Version To: 1.0.0.1
Patch Exists: NO
Related CWE: N/A
CPE: a:tekuvacorp:password_reminder:1.0.0.1
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: Windows
2009
TEKUVA Password Reminder Authentication Bypass
TEKUVA Password Reminder is a password vault that allows users to store all their credentials in one spot and all they have to remember is a single 'main' password to access their vault. Unfortunately, the vault is actually an Access 2007 database that is protected by a password which is hard coded into the program, not the main password. This script connects to the database using the hard coded db password and dumps everything into an HTML table, bypassing the need to enter the main vault password (or use the program at all for that matter).
Mitigation:
Ensure that the application is using strong authentication mechanisms and that the passwords are not hard coded into the program.