CVE-2018-25361

Soroush IM Desktop App 0.17.0 Authentication Bypass via Database Injection

CVSS 7 HIGHEPSS 0.1%CWE-290

Soroush IM Desktop App 0.17.0 contains an authentication bypass vulnerability that allows local attackers to remove passcodes by injecting pre-encrypted database entries using a constant encryption key. Attackers can inject malicious database records into the application's database files to unlock the client and access all stored data, chats, images, and files without knowing the original passcode.

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N

Productos afectados

Soroush · Soroush IM Desktop App

PoCs públicas encontradas — 1

cve_referencewww.exploit-db.com/exploits/45171no verificado

⚠ Recursos públicos, para evaluar la exposición de sistemas que controlas o estás autorizado a probar. Prueba solo con autorización.

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

http://54.36.43.176/SoroushSetup0.17.0.exe https://soroush-app.ir https://www.exploit-db.com/exploits/45171 https://www.vulncheck.com/advisories/soroush-im-desktop-app-authentication-bypass-via-database-injection