CVE-2023-6253 – Saved Uninstall Key in Digital Guardian Agent Uninstaller

https://notcve.org/view.php?id=CVE-2023-6253

A saved encryption key in the Uninstaller in Digital Guardian's Agent before version 7.9.4 allows a local attacker to retrieve the uninstall key and remove the software by extracting the uninstaller key from the memory of the uninstaller file. Una clave de cifrado guardada en el desinstalador Digital Guardian Agent anterior a la versión 7.9.4 permite a un atacante local recuperar la clave de desinstalación y eliminar el software extrayendo la clave de desinstalación de la memoria del archivo de desinstalación. The uninstaller in Fortra Digital Guardian Agent versions prior to 7.9.4 suffers from a cross site scripting vulnerability. Additionally, the Agent Uninstaller handles sensitive data insecurely and caches the Uninstall key in memory. This key can be used to stop or uninstall the application. • http://packetstormsecurity.com/files/175956/Fortra-Digital-Guardian-Agent-Uninstaller-Cross-Site-Scripting-UninstallKey-Cached.html http://seclists.org/fulldisclosure/2023/Nov/14 https://r.sec-consult.com/fortra https://www.fortra.com/security • CWE-922: Insecure Storage of Sensitive Information •