CVE-2026-23635
Kiteworks Secure Data Forms has a potential Unprotected Transport of Credentials vulnerability
In short
Kiteworks Secure Data Forms versions before 9.2.1 may transmit login credentials without proper encryption due to misconfigured security settings. This could allow attackers to intercept sensitive authentication information if they gain access to network traffic.
Technical detail
A CWE-523 (Unprotected Transport of Credentials) vulnerability in Kiteworks Secure Data Forms before 9.2.1 allows unprotected transport of credentials through misconfigured security attributes. The attack vector is network-based and requires the attacker to intercept communications between client and server. Successful exploitation results in exposure of authentication credentials.
Summary generated and translated by AI from the official description.
Kiteworks is a private data network (PDN). In Kiteworks Secure Data Forms prior to version 9.2.1, a misconfiguration of the security attributes could potentially lead to Unprotected Transport of Credentials under certain circumstances. Upgrade Kiteworks to version 9.2.1 or later to receive a patch.
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N
Affected products
kiteworks · Secure Data Forms