CVE-2018-18466

Published: Mar 18, 2019

Modified: May 30, 2025

PUBLISHED

Description

An issue was discovered in SecurEnvoy SecurAccess 9.3.502. When put in Debug mode and used for RDP connections, the application stores the emergency credentials in cleartext in the logs (present in the DEBUG folder) that can be accessed by anyone. NOTE: The vendor disputes this as a vulnerability since the disclosure of a local account password (actually an alpha numeric passcode) is achievable only when a custom registry key is added to the windows registry. This action requires administrator access and the registry key is only provided by support staff at securenvoy to troubleshoot customer issues.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://www.excellium-services.com/cert-xlm-advisory/cve-2018-18466/

https://www.excellium-services.com/cert-xlm-advisory

https://cds.thalesgroup.com/en/tcs-cert/CVE-2018-18466

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2018-18466

Description

Affected Products

References