CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

CVE-2024-36497: Unhashed Storage of Password

Description

The decrypted configuration file contains the password in cleartext
which is used to configure WINSelect. It can be used to remove the
existing restrictions and disable WINSelect entirely.

Classification

CVE ID: CVE-2024-36497

Affected Products

Vendor: Faronics

Product: WINSelect (Standard + Enterprise)

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.05% (probability of being exploited)

EPSS Percentile: 18.39% (scored less or equal to compared to others)

EPSS Date: 2025-03-14 (when was this score calculated)

References

https://r.sec-consult.com/winselect
https://www.faronics.com/en-uk/document-library/document/winselect-standard-release-notes
http://seclists.org/fulldisclosure/2024/Jun/12

Timeline

2025-02-14 00:32:18 UTC
CVE

Unhashed Storage of Password