JVNDB-2018-000112

SecureCore Standard Edition vulnerable to authentication bypass

Overview

SecureCore Standard Edition provided by Feitian Japan Co., Ltd. contains an authentication bypass vulnerability (CWE-287).

Daisuke Ota of BizReach, inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under the Information Security Early Warning Partnership.
CVSS Severity

CVSS V3 Severity:
Base Metrics 2.4 (Low) [IPA Score]
  • Attack Vector: Physical
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: None
  • Integrity Impact: Low
  • Availability Impact: None
CVSS V2 Severity:
Base Metrics 2.1 (Low) [IPA Score]
  • Access Vector: Local
  • Access Complexity: Low
  • Authentication: None
  • Confidentiality Impact: None
  • Integrity Impact: Partial
  • Availability Impact: None
Affected Products


Feitian Japan Co., Ltd.
  • SecureCore Standard Edition Version 2.x

According to the developer, the software is affected by this vulnerability only when it is operated under Windows 8/8.1.
Impact

An attacker may bypass the product's authentication and log in to a Windows PC.
Solution

[Update the Software]
Update the software to the latest version according to the information provided by the developer.

[Apply the Patch]
Apply the patch according to the information provided by the developer.

For more information, refer to the information provided by the developer.
Vendor Information

Feitian Japan Co., Ltd.
CWE

  1. Improper Authentication (CWE-287) [IPA Evaluation]
CVE

  1. CVE-2018-16160
References

  1. JVN : JVN#21528670
  2. National Vulnerability Database (NVD) : CVE-2018-16160
Revision History

  • [2018/10/24]
      Web page was published
  • [2019/08/06]
      References : Content was added