E2 MFG Version 2022.6.0102.1104 Cleartext Transmission of Sensitive Information

by Vince

Disclosure Date: 01/08/24

ECI Software Solutions E2 MFG Version 2022.6.0102.1104, and possibly earlier versions, is affected by a Cleartext Transmission of Sensitive Information vulnerability. This could lead to a full compromise of the E2 MFG application, a full compromise of the Microsoft SQL Server, as well as other malicious actions.

Setup Responder:

Launch mitm6:

Capture privileged account:

Capture unprivileged account:

Locate MSSQL Server:

Connect to MSSQL Server:

Execute xp_cmdshell whoami: