CVE-2021-30116 – Kaseya Virtual System/Server Administrator (VSA) Information Disclosure Vulnerability

https://notcve.org/view.php?id=CVE-2021-30116

09 Jul 2021 — Kaseya VSA before 9.5.7 allows credential disclosure, as exploited in the wild in July 2021. By default Kaseya VSA on premise offers a download page where the clients for the installation can be downloaded. The default URL for this page is https://x.x.x.x/dl.asp When an attacker download a client for Windows and installs it, the file KaseyaD.ini is generated (C:\Program Files (x86)\Kaseya\XXXXXXXXXX\KaseyaD.ini) which contains an Agent_Guid and AgentPassword This Agent_Guid and AgentPassword can be used to ... • https://csirt.divd.nl/2021/07/04/Kaseya-Case-Update-2 • CWE-522: Insufficiently Protected Credentials •