Insecure Write Permissions in DATEV Nutzungskontrolle Allow Local Users to Bypass Access Restrictions

Insecure Write Permissions in DATEV Nutzungskontrolle Allow Local Users to Bypass Access Restrictions

CVE-2003-1169 · MEDIUM Severity

AV:L/AC:L/AU:N/C:P/I:P/A:P

DATEV Nutzungskontrolle 2.1 and 2.2 has insecure write permissions for critical registry keys, which allows local users to bypass access restrictions by importing NukoInfo values in certain DATEV keys, which disables Nutzungskontrolle.

Learn more about our User Device Pen Test.