Vulnerabilities > CVE-2023-6253 - Insecure Storage of Sensitive Information vulnerability in Fortra Digital Guardian Agent

CVSS 6.0 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

HIGH

Confidentiality impact

NONE

Integrity impact

HIGH

Availability impact

HIGH

local

low complexity

fortra

CWE-922

NVD

Published: 2023-11-22

Updated: 2024-11-21

Summary

A saved encryption key in the Uninstaller in Digital Guardian's Agent before version 7.9.4 allows a local attacker to retrieve the uninstall key and remove the software by extracting the uninstaller key from the memory of the uninstaller file.

Vulnerable Configurations

Part	Description	Count
Application	Fortra Fortra Digital Guardian Agent -	1

Common Weakness Enumeration (CWE)

CWE-922 - Insecure Storage of Sensitive Information

References

http://packetstormsecurity.com/files/175956/Fortra-Digital-Guardian-Agent-Uninstaller-Cross-Site-Scripting-UninstallKey-Cached.html
http://packetstormsecurity.com/files/175956/Fortra-Digital-Guardian-Agent-Uninstaller-Cross-Site-Scripting-UninstallKey-Cached.html
http://seclists.org/fulldisclosure/2023/Nov/14
http://seclists.org/fulldisclosure/2023/Nov/14
https://r.sec-consult.com/fortra
https://r.sec-consult.com/fortra
https://www.fortra.com/security
https://www.fortra.com/security