cve/2024/CVE-2024-36497.md

### [CVE-2024-36497](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36497)
![](https://img.shields.io/static/v1?label=Product&message=WINSelect%20(Standard%20%2B%20Enterprise)&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-312%20Cleartext%20Storage%20of%20Sensitive%20Information&color=brighgreen)

### Description

The decrypted configuration file contains the password in cleartext which is used to configure WINSelect. It can be used to remove the existing restrictions and disable WINSelect entirely.

### POC

#### Reference
- http://seclists.org/fulldisclosure/2024/Jun/12
- https://r.sec-consult.com/winselect

#### Github
No PoCs found on GitHub currently.
Update CVE sources 2024-07-25 21:25 2024-07-25 21:25:12 +00:00			`### [CVE-2024-36497](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36497)`
			`![](https://img.shields.io/static/v1?label=Product&message=WINSelect%20(Standard%20%2B%20Enterprise)&color=blue)`
			`![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)`
			`![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-312%20Cleartext%20Storage%20of%20Sensitive%20Information&color=brighgreen)`

			`### Description`

			`The decrypted configuration file contains the password in cleartext which is used to configure WINSelect. It can be used to remove the existing restrictions and disable WINSelect entirely.`

			`### POC`

			`#### Reference`
			`- http://seclists.org/fulldisclosure/2024/Jun/12`
			`- https://r.sec-consult.com/winselect`

			`#### Github`
			`No PoCs found on GitHub currently.`