<img height="1" width="1" style="display:none" src="https://www.facebook.com/tr?id=2114085292224199&amp;ev=PageView&amp;noscript=1">

Security Advisory: Knowage Password Disclosure

Posted by David Chadwick - 31 July, 2019

header-picture

Knowage Password Disclosure

Release date: 29/07/2019

Last update: 29/07/2019

Vendor: Knowage-suite

Vendor site: https://www.knowage-suite.com/site/home/

Product: Knowage

Affected version(s): 6.1.1

Remediated version: 6.4

Severity Rating: Medium

Impact: Exposure of sensitive information

Attack vector: Remote with authentication

CVE: CVE-2019-13348

Details: Knowage before 6.4 exposes the account name and password for any data sources entered into the application.

The following is a proof of concept:

http://<HOST>/knowage/restful-services/2.0/datasources/

v

Recommendation: Update to the latest patch.

Discovered by: David Chadwick from Content Security Pty. Ltd.


Recent Posts

Three Types of Security Threats and How to Guard Against Them

read more

How to Manage Security In The New World of Cloud Computing

read more

How to implement largescale IT programs without losing your mind

read more