An exploitable information disclosure vulnerability exists in the password protection functionality of Quicken Deluxe 2018 for Mac version 5.2.2. A specially crafted sqlite3 request can cause the removal of the password protection, allowing an attacker to access and modify the data without knowing the password. An attacker needs to have access to the password-protected files to trigger this vulnerability.
References
Link | Resource |
---|---|
https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0537 | Exploit Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: talos
Published: 2018-12-03T22:00:00
Updated: 2022-04-19T18:04:40
Reserved: 2018-01-02T00:00:00
Link: CVE-2018-3854
JSON object: View
NVD Information
Status : Analyzed
Published: 2018-12-03T22:29:00.810
Modified: 2022-12-03T14:20:47.140
Link: CVE-2018-3854
JSON object: View
Redhat Information
No data.
CWE