VanDyke Software

Security Advisory

Security Advisory

VanDyke Software VShell saved data vulnerable to brute-force attack

Risk assessment: Low


Posted: November 3, 2022

Description

Using a brute-force attack, it may be possible to crack sensitive data, such as passwords, stored in the VShell configuration in a relatively short amount of time.

Direct access to the configuration by a user with Administrator privileges is required in order to exploit this vulnerability.

Products Affected

  • VShell for Windows: versions 4.7.1 and earlier

Recommended Solutions

  • Upgrade to VShell for Windows 4.8 or later.

Notes:

  • In VShell 4.8, a stronger cryptographic algorithm is used to encrypt sensitive data stored in the configuration.

Vulnerability Fix Downloads

Revision History

November 3, 2022 – Security Advisory Published

VanDyke Software uses cookies to give you the best online experience. Before continuing to use this site, please confirm that you agree to our use of cookies. Please see our Cookie Usage for details.