WellinTech KingSCADA 3.1 < 2012-04-16 user.db Base-64 Encoding Local Credentials Disclosure

This script is Copyright (C) 2012-2016 Tenable Network Security, Inc.


Synopsis :

The remote Windows host contains an application that stores passwords
insecurely.

Description :

According to its version, the instance of WellinTech KingSCADA
installed on the remote Windows host stores passwords in an
obfuscated, but not hashed format. This may enable attackers with
access to a KingSCADA project, either locally through the filesystem
or remotely though DCOM, to retrieve the passwords and use them in
further attacks.

See also :

http://dsecrg.com/pages/vul/show.php?id=405
http://en.wellintech.com/index.php/allproducts/kingscada

Solution :

Upgrade to the new version referenced in the advisory.

Risk factor :

High / CVSS Base Score : 7.8
(CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:N)
CVSS Temporal Score : 6.4
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true

Family: SCADA

Nessus Plugin ID: 59502 ()

Bugtraq ID: 51582

CVE ID: CVE-2012-1977

Ready to Scan Unlimited IPs & Run Compliance Checks?

Upgrade to Nessus Professional today!

Buy Now

Combine the Power of Nessus with the Ease of Cloud

Start your free Nessus Cloud trial now!

Begin Free Trial