WellinTech KingSCADA 3.1 < 2012-04-16 user.db Base-64 Encoding Local Credentials Disclosure

This script is Copyright (C) 2012 Tenable Network Security, Inc.


Synopsis :

The remote Windows host contains an application that stores passwords
insecurely.

Description :

According to its version, the instance of WellinTech KingSCADA
installed on the remote Windows host stores passwords in an
obfuscated, but not hashed, format. This may enable attackers with
access to a KingSCADA project, either locally through the filesystem
or remotely through DCOM, to retrieve the passwords and use them in
further attacks.
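
The difference between an encoded and a hashed credential, as an added
example that is not part of the plugin or of KingSCADA: it contrasts
Base64 storage with a salted PBKDF2 verifier and adds an audit check
that flags reversibly stored values. The sample password, record layout
and function names are assumptions, not the user.db format.

```python
import base64
import hashlib
import hmac
import os

# Constructed sample value; not taken from any KingSCADA project.
SAMPLE_PASSWORD = "Pump-Station-7!"


def store_encoded(password: str) -> str:
    """Weak form: Base64 is an encoding, so any reader can invert it without a key."""
    return base64.b64encode(password.encode("utf-8")).decode("ascii")


def store_hashed(password: str, iterations: int = 200_000) -> str:
    """Hardened form: salted PBKDF2-HMAC-SHA256 verifier (hypothetical record layout)."""
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"


def verify_hashed(password: str, record: str) -> bool:
    """Recompute the verifier from the stored salt and compare in constant time."""
    scheme, iterations, salt_hex, dk_hex = record.split("$")
    if scheme != "pbkdf2_sha256":
        return False
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                             bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(dk, bytes.fromhex(dk_hex))


def is_reversible_encoding(stored: str) -> bool:
    """Audit heuristic: flag a stored credential that is strict Base64 of printable text."""
    try:
        text = base64.b64decode(stored, validate=True).decode("utf-8")
    except ValueError:  # covers binascii.Error and UnicodeDecodeError
        return False
    return bool(text) and text.isprintable()


if __name__ == "__main__":
    for label, value in (("encoded", store_encoded(SAMPLE_PASSWORD)),
                         ("hashed", store_hashed(SAMPLE_PASSWORD))):
        print(f"{label:8} reversible={is_reversible_encoding(value)}")
```
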

See also :

http://dsecrg.com/pages/vul/show.php?id=405
http://en.wellintech.com/index.php/allproducts/kingscada

Solution :

Upgrade to the new version referenced in the advisory.

Risk factor :

High / CVSS Base Score : 7.8
(CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:N)
CVSS Temporal Score : 6.4
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true

Family: SCADA

Nessus Plugin ID: 59502

Bugtraq ID: 51582

CVE ID: CVE-2012-1977