### [CVE-2024-36497](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36497)
![](https://img.shields.io/static/v1?label=Product&message=WINSelect%20(Standard%20%2B%20Enterprise)&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-312%20Cleartext%20Storage%20of%20Sensitive%20Information&color=brighgreen)

### Description

The decrypted configuration file contains the password in cleartext which is used to configure WINSelect. It can be used to remove the existing restrictions and disable WINSelect entirely.

### POC

#### Reference
- http://seclists.org/fulldisclosure/2024/Jun/12
- https://r.sec-consult.com/winselect

#### Github
No PoCs found on GitHub currently.