{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2017-01-22T00:00:00", "descriptions": [{"lang": "en", "value": "Information Disclosure can occur in sshProfiles.jsd in Hitek Software's Automize because of the Read attribute being set for Users. This allows an attacker to recover encrypted passwords for SSH/SFTP profiles. Verified in all 10.x versions up to and including 10.25, and all 11.x versions up to and including 11.14."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-03-15T09:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://rastamouse.me/guff/2016/automize/"}, {"name": "96845", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/96845"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-10104", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Information Disclosure can occur in sshProfiles.jsd in Hitek Software's Automize because of the Read attribute being set for Users. This allows an attacker to recover encrypted passwords for SSH/SFTP profiles. Verified in all 10.x versions up to and including 10.25, and all 11.x versions up to and including 11.14."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://rastamouse.me/guff/2016/automize/", "refsource": "MISC", "url": "https://rastamouse.me/guff/2016/automize/"}, {"name": "96845", "refsource": "BID", "url": "http://www.securityfocus.com/bid/96845"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-10104", "datePublished": "2017-01-23T06:49:00", "dateReserved": "2017-01-02T00:00:00", "dateUpdated": "2017-03-15T09:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:hiteksoftware:automize:10.00:*:*:*:*:*:*:*", "matchCriteriaId": "3A7C2457-43EB-4486-A120-B7D459FC279B", "vulnerable": true}, {"criteria": "cpe:2.3:a:hiteksoftware:automize:10.01:*:*:*:*:*:*:*", "matchCriteriaId": "35EAE4F6-29CE-4D20-8567-2220905A4783", "vulnerable": true}, {"criteria": "cpe:2.3:a:hiteksoftware:automize:10.02:*:*:*:*:*:*:*", "matchCriteriaId": "722B055A-E157-46AA-9919-0BE7491B15E0", "vulnerable": true}, {"criteria": "cpe:2.3:a:hiteksoftware:automize:10.03:*:*:*:*:*:*:*", "matchCriteriaId": "3913B250-2602-4943-A45E-407118445FBB", "vulnerable": true}, {"criteria": "cpe:2.3:a:hiteksoftware:automize:10.04:*:*:*:*:*:*:*", "matchCriteriaId": "6727427E-834D-42A8-8182-2C5FDFE520C0", "vulnerable": true}, {"criteria": "cpe:2.3:a:hiteksoftware:automize:10.05:*:*:*:*:*:*:*", "matchCriteriaId": "052CF7DA-98F0-4390-8FAE-5AF5F42708EC", "vulnerable": true}, {"criteria": "cpe:2.3:a:hiteksoftware:automize:10.06:*:*:*:*:*:*:*", "matchCriteriaId": "A83DAF2F-569D-433B-85E1-138AEADF4E0C", "vulnerable": true}, {"criteria": "cpe:2.3:a:hiteksoftware:automize:10.07:*:*:*:*:*:*:*", "matchCriteriaId": "42CC6578-8DFA-4500-AF77-9DC73834C8E8", "vulnerable": true}, {"criteria": "cpe:2.3:a:hiteksoftware:automize:10.08:*:*:*:*:*:*:*", "matchCriteriaId": "7AC7B1FF-1FB4-423C-BD9D-75DD6B6E66E6", "vulnerable": true}, {"criteria": "cpe:2.3:a:hiteksoftware:automize:10.09:*:*:*:*:*:*:*", "matchCriteriaId": "EEAC4542-BC4D-4DEA-8D7B-C750951E825F", "vulnerable": true}, {"criteria": "cpe:2.3:a:hiteksoftware:automize:10.11:*:*:*:*:*:*:*", "matchCriteriaId": "974AA5EF-9670-4DC6-89A2-DEDA3B3276D8", "vulnerable": true}, {"criteria": "cpe:2.3:a:hiteksoftware:automize:10.12:*:*:*:*:*:*:*", "matchCriteriaId": "DA0C77C1-D835-4539-809C-1D6E805D40AD", "vulnerable": true}, {"criteria": "cpe:2.3:a:hiteksoftware:automize:10.13:*:*:*:*:*:*:*", "matchCriteriaId": "E9FEEFF2-DB6B-472C-B2B7-C7C1D22DBA4C", "vulnerable": true}, {"criteria": "cpe:2.3:a:hiteksoftware:automize:10.14:*:*:*:*:*:*:*", "matchCriteriaId": "DA79A04C-D25D-4D3E-B131-D4249EE0DA4F", "vulnerable": true}, {"criteria": "cpe:2.3:a:hiteksoftware:automize:10.15:*:*:*:*:*:*:*", "matchCriteriaId": "474F086B-D331-498F-9313-159BC005BB17", "vulnerable": true}, {"criteria": "cpe:2.3:a:hiteksoftware:automize:10.16:*:*:*:*:*:*:*", "matchCriteriaId": "A17B080F-E6A3-4A3D-B600-22466C45C82C", "vulnerable": true}, {"criteria": "cpe:2.3:a:hiteksoftware:automize:10.17:*:*:*:*:*:*:*", "matchCriteriaId": "A464860D-5D5D-4065-A7C6-BBE5DC9139D1", "vulnerable": true}, {"criteria": "cpe:2.3:a:hiteksoftware:automize:10.18:*:*:*:*:*:*:*", "matchCriteriaId": "AF9197BC-92AB-4927-8805-494B39A2953A", "vulnerable": true}, {"criteria": "cpe:2.3:a:hiteksoftware:automize:10.19:*:*:*:*:*:*:*", "matchCriteriaId": "1B27121A-7B58-4548-935F-57C1FF187EE6", "vulnerable": true}, {"criteria": "cpe:2.3:a:hiteksoftware:automize:10.20:*:*:*:*:*:*:*", "matchCriteriaId": "073ED514-E2CC-4D18-A9F4-9654E9161727", "vulnerable": true}, {"criteria": "cpe:2.3:a:hiteksoftware:automize:10.21:*:*:*:*:*:*:*", "matchCriteriaId": "9D27D639-94D1-4BDE-AD4E-AEB37AFABCE4", "vulnerable": true}, {"criteria": "cpe:2.3:a:hiteksoftware:automize:10.22:*:*:*:*:*:*:*", "matchCriteriaId": "43826AA5-62A0-4452-8EC4-098982867CA1", "vulnerable": true}, {"criteria": "cpe:2.3:a:hiteksoftware:automize:10.23:*:*:*:*:*:*:*", "matchCriteriaId": "DDEA6E6A-D111-4320-BF3A-E5B7CC397423", "vulnerable": true}, {"criteria": "cpe:2.3:a:hiteksoftware:automize:10.24:*:*:*:*:*:*:*", "matchCriteriaId": "63FADFB7-14A0-4C13-8853-40EACFBDBD85", "vulnerable": true}, {"criteria": "cpe:2.3:a:hiteksoftware:automize:10.25:*:*:*:*:*:*:*", "matchCriteriaId": "3F80CAE4-2A0D-4805-AAC3-0FFD44D39F78", "vulnerable": true}, {"criteria": "cpe:2.3:a:hiteksoftware:automize:11.00:*:*:*:*:*:*:*", "matchCriteriaId": "61137963-5766-4F2E-B4A2-EDA5A4469720", "vulnerable": true}, {"criteria": "cpe:2.3:a:hiteksoftware:automize:11.01:*:*:*:*:*:*:*", "matchCriteriaId": "C7682507-9EA1-468D-8D8C-7060F068EA61", "vulnerable": true}, {"criteria": "cpe:2.3:a:hiteksoftware:automize:11.02:*:*:*:*:*:*:*", "matchCriteriaId": "BF9EAFEE-3A59-4350-903E-D46AC9185FFE", "vulnerable": true}, {"criteria": "cpe:2.3:a:hiteksoftware:automize:11.03:*:*:*:*:*:*:*", "matchCriteriaId": "0CD5DD65-A3DB-4F3F-A8CE-DEF6185D5648", "vulnerable": true}, {"criteria": "cpe:2.3:a:hiteksoftware:automize:11.04:*:*:*:*:*:*:*", "matchCriteriaId": "00C18571-A34F-4B61-B7FA-3649E31BA513", "vulnerable": true}, {"criteria": "cpe:2.3:a:hiteksoftware:automize:11.05:*:*:*:*:*:*:*", "matchCriteriaId": "7F7BE139-0DC5-4008-A974-D1A01E1758EC", "vulnerable": true}, {"criteria": "cpe:2.3:a:hiteksoftware:automize:11.06:*:*:*:*:*:*:*", "matchCriteriaId": "449AC115-FF3D-4D40-9D8A-8439625D3410", "vulnerable": true}, {"criteria": "cpe:2.3:a:hiteksoftware:automize:11.07:*:*:*:*:*:*:*", "matchCriteriaId": "84A099DF-F17F-47A3-A17E-C397445A3430", "vulnerable": true}, {"criteria": "cpe:2.3:a:hiteksoftware:automize:11.08:*:*:*:*:*:*:*", "matchCriteriaId": "4E680BB2-8E4B-407E-813E-661D8880DF5C", "vulnerable": true}, {"criteria": "cpe:2.3:a:hiteksoftware:automize:11.09:*:*:*:*:*:*:*", "matchCriteriaId": "0A1EF835-E571-4985-96DC-1703BF3F3BFC", "vulnerable": true}, {"criteria": "cpe:2.3:a:hiteksoftware:automize:11.11:*:*:*:*:*:*:*", "matchCriteriaId": "E7C74206-9610-4725-8AB9-CEBD6213DD07", "vulnerable": true}, {"criteria": "cpe:2.3:a:hiteksoftware:automize:11.12:*:*:*:*:*:*:*", "matchCriteriaId": "E4830A80-D9A8-48CB-B5AE-A36FB0BE7EB3", "vulnerable": true}, {"criteria": "cpe:2.3:a:hiteksoftware:automize:11.13:*:*:*:*:*:*:*", "matchCriteriaId": "E3FC908B-E1A7-4ED8-B6D2-A46CE87B96A1", "vulnerable": true}, {"criteria": "cpe:2.3:a:hiteksoftware:automize:11.14:*:*:*:*:*:*:*", "matchCriteriaId": "90166099-D6E9-4346-9C24-1E2CB3FC2455", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Information Disclosure can occur in sshProfiles.jsd in Hitek Software's Automize because of the Read attribute being set for Users. This allows an attacker to recover encrypted passwords for SSH/SFTP profiles. Verified in all 10.x versions up to and including 10.25, and all 11.x versions up to and including 11.14."}, {"lang": "es", "value": "Puede ocurrir divulgaci\u00f3n de informaci\u00f3n en sshProfiles.jsd en Hitek Software's Automize debido a que el que el atributo Leer se establece para Usuarios. Esto permite a un atacante recuperar contrase\u00f1as cifradas para perfiles SSH/SFTP. Se verifica en todas las versiones hasta la 10.x incluyendo la 10.25 y todas las versiones hasta la 11.x incluyendo la 11.14."}], "id": "CVE-2016-10104", "lastModified": "2017-03-16T01:59:00.480", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 2.2, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-01-23T07:59:00.283", "references": [{"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/96845"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://rastamouse.me/guff/2016/automize/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-326"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}