WellinTech KingSCADA 3.1 < 2012-04-16 user.db Base-64 Encoding Local Credentials Disclosure
Severity: High
Nessus Plugin ID 59502
Synopsis: The remote Windows host contains an application that stores passwords insecurely.
Description: According to its version, the instance of WellinTech KingSCADA installed on the remote Windows host stores passwords in an obfuscated but not hashed format. This may enable attackers with access to a KingSCADA project, either locally through the filesystem or remotely through DCOM, to retrieve the passwords and use them in further attacks.
Solution: Upgrade to the new version referenced in the advisory.