Knowage Password Disclosure
Release date: 29/07/2019
Last update: 29/07/2019
Vendor site: https://www.knowage-suite.com/site/home/
Affected version(s): 6.1.1
Remediated version: 6.4
Severity Rating: Medium
Impact: Exposure of sensitive information
Attack vector: Remote with authentication
Details: Knowage before 6.4 exposes the account name and password of any data source entered into the application.
The following is a proof of concept:
Recommendation: Update to the latest patch.
Discovered by: David Chadwick from Content Security Pty. Ltd.