Insecure storage of sensitive information in NTFS Tool

Posted date 18/03/2025
Identifier
INCIBE-2025-0143
Importance
3 - Medium
Affected Resources

Ntfs tool, version 3.5.1

Description

INCIBE has coordinated the publication of a medium-severity vulnerability affecting Ntfs tool, which was discovered by Reza Rashidi from Hazard Lab.

This vulnerability has been assigned the following code, CVSS v4.0 base score, CVSS vector and CWE vulnerability type:

  • CVE-2025-2489: CVSS v4.0: 6.8 | CVSS AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N | CWE-922

Solution

There is no reported solution at this time.

Detail

CVE-2025-2489: insecure information storage vulnerability in NTFS Tools version 3.5.1. Exploitation of this vulnerability could allow an attacker to learn the application password, which is stored in /Users/user/Library/Application Support/ntfs-tool/config.json.
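
A defender-side check for the file named above, as an added example that is not part of the advisory or of the NTFS Tool project: it reports the file's permission bits and the names (never the values) of keys that look like stored secrets. The key-name hints and the function names are assumptions, since the advisory does not describe the config schema.

```python
import json
import os
import stat
from pathlib import Path

# Path from the advisory, with the literal "user" replaced by the current home directory.
DEFAULT_CONFIG = Path(os.path.expanduser(
    "~/Library/Application Support/ntfs-tool/config.json"))
# Assumption: the schema is not published, so secrets are matched by key name only.
SECRET_HINTS = ("pass", "pwd", "secret", "token")


def secret_keys(node, prefix=""):
    """Return dotted paths of non-empty string values whose key name looks secret."""
    found = []
    if isinstance(node, dict):
        for key, value in node.items():
            path = f"{prefix}.{key}" if prefix else str(key)
            looks_secret = any(h in str(key).lower() for h in SECRET_HINTS)
            if looks_secret and isinstance(value, str) and value:
                found.append(path)
            else:
                found.extend(secret_keys(value, path))
    elif isinstance(node, list):
        for i, item in enumerate(node):
            found.extend(secret_keys(item, f"{prefix}[{i}]"))
    return found


def audit(config_path=DEFAULT_CONFIG):
    """Describe the exposure of the config file without reading out secret values."""
    path = Path(config_path)
    report = {"path": str(path), "exists": path.is_file(), "mode": None,
              "readable_by_others": False, "secret_keys": [], "parse_error": None}
    if not report["exists"]:
        return report
    mode = stat.S_IMODE(path.stat().st_mode)
    report["mode"] = oct(mode)
    # Group or world read bits expose the file to other local accounts.
    report["readable_by_others"] = bool(mode & (stat.S_IRGRP | stat.S_IROTH))
    try:
        data = json.loads(path.read_text(encoding="utf-8"))
        report["secret_keys"] = secret_keys(data)
    except (OSError, ValueError) as exc:  # unreadable, bad encoding or invalid JSON
        report["parse_error"] = type(exc).__name__
    return report


if __name__ == "__main__":
    print(json.dumps(audit(), indent=2))
```

A mode of 0600 only limits other local accounts; any process running as the same user can still read the file.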
