E2 MFG Version 2022.6.0102.1104 Cleartext Transmission of Sensitive Information
- by Vince
-
in Blog
-
Hits: 2800
Disclosure Date: 01/08/24
ECI Software Solutions E2 MFG Version 2022.6.0102.1104 and possibly before are affected by a Cleartext Transmission of Sensitive Information. This could lead to a full compromised of the E2 MFG application, a full compromise of the Microsoft SQL Server, as well as other malicious actions.
Setup Responder:
Launch mitm6:
Capture privileged account:
Capture unprivileged account:
Locate MSSQL Server:
Connect to MSSQL Server:
Execute XP CMDSHELL whoami: