Vulnerabilities > CVE-2014-4861 - Credentials Management vulnerability in Thycotic Secret Server

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

thycotic

CWE-255

critical

NVD

Published: 2018-03-09

Updated: 2018-03-29

Summary

The Remote Desktop Launcher in Thycotic Secret Server before 8.6.000010 does not properly cleanup a temporary file that contains an encrypted password once a session has ended.

Vulnerable Configurations

Part	Description	Count
Application	Thycotic Thycotic Secret Server 7.5.000000 Thycotic Secret Server 8.0.000004 Thycotic Secret Server 8.0.000005 Thycotic Secret Server 8.1.000000 Thycotic Secret Server 8.1.000011 Thycotic Secret Server 8.1.000014 Thycotic Secret Server 8.2.000000 Thycotic Secret Server 8.2.000001 Thycotic Secret Server 8.3.000000 Thycotic Secret Server 8.3.000001 Thycotic Secret Server 8.3.000002 Thycotic Secret Server 8.3.000019 Thycotic Secret Server 8.4.000000 Thycotic Secret Server 8.4.000004 Thycotic Secret Server 8.5.000000 Thycotic Secret Server 8.6.000000 Thycotic Secret Server 8.6.000009	17

Common Weakness Enumeration (CWE)

CWE-255 - Credentials Management

References

http://thycotic.com/products/secret-server/resources/advisories/cve-2014-4861/