Filtered by vendor Securenvoy
Subscriptions
Filtered by product Securaccess
Subscriptions
Total
3 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-18466 | 1 Securenvoy | 1 Securaccess | 2025-05-30 | N/A |
| An issue was discovered in SecurEnvoy SecurAccess 9.3.502. When put in Debug mode and used for RDP connections, the application stores the emergency credentials in cleartext in the logs (present in the DEBUG folder) that can be accessed by anyone. NOTE: The vendor disputes this as a vulnerability since the disclosure of a local account password (actually an alpha numeric passcode) is achievable only when a custom registry key is added to the windows registry. This action requires administrator access and the registry key is only provided by support staff at securenvoy to troubleshoot customer issues. | ||||
| CVE-2025-30235 | 1 Securenvoy | 1 Securaccess | 2025-03-19 | 3.5 Low |
| Shearwater SecurEnvoy SecurAccess Enrol before 9.4.515 is intended to disable accounts that have had more than 10 failed authentication attempts, but instead allows hundreds of failed authentication attempts, because concurrent attempts are mishandled. | ||||
| CVE-2025-30236 | 1 Securenvoy | 1 Securaccess | 2025-03-19 | 8.6 High |
| Shearwater SecurEnvoy SecurAccess Enrol before 9.4.515 allows authentication through only a six-digit TOTP code (skipping a password check) if an HTTP POST request contains a SESSION parameter. | ||||
Page 1 of 1.