Insecure Data Access in FairCom c-treeACE: Exploiting the Data Camouflage Vulnerability

Insecure Data Access in FairCom c-treeACE: Exploiting the Data Camouflage Vulnerability

CVE-2013-0148 · HIGH Severity

AV:N/AC:M/AU:N/C:C/I:N/A:N

The Data Camouflage (aka FairCom Standard Encryption) algorithm in FairCom c-treeACE does not ensure that a decryption key is needed for accessing database contents, which allows context-dependent attackers to read cleartext database records by copying a database to another system that has a certain default configuration.

Learn more about our Web Application Penetration Testing UK.