E2 MFG Version 2022.6.0102.1104 Cleartext Transmission of Sensitive Information

by Vince

Disclosure Date:  01/08/24

ECI Software Solutions E2 MFG Version 2022.6.0102.1104, and possibly earlier versions, is affected by a Cleartext Transmission of Sensitive Information vulnerability. This could lead to a full compromise of the E2 MFG application, a full compromise of the Microsoft SQL Server, as well as other malicious actions.

Setup Responder:



Launch mitm6:



Capture privileged account:



Capture unprivileged account:



Locate MSSQL Server:



Connect to MSSQL Server:



Execute xp_cmdshell whoami: