CVE Details
Basic Information
| Title | Encryption of sensitive data in CapillaryScope missing |
|---|---|
| Type | cve |
| Published | 2025-07-24T12:14:20.971Z |
| Modified | 2025-07-24T12:14:20.971Z |
Product Information
| Vendor | Capillary io |
|---|---|
| Product | CapillaryScope |
| Version | 0 |
CVSS Information
| Base Score | 6.9 (MEDIUM) |
|---|---|
| Attack Vector | CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N |
AI Analysis
| AI Description | CapillaryScope v2.5.0 lacks encryption for sensitive data, including proxy credentials and JWT tokens, stored in plain text in Windows registry. Any local user with read access can exploit this to extract sensitive information. |
|---|---|
| AI Severity | Medium |
| AI Vendor | Capillary io |
| AI Product | CapillaryScope |
| AI Version | 2.5.0 |
Affected Products
- Capillary io CapillaryScope 0
Additional Information
| CWE List | CWE-311 |
|---|---|
| Source | INCIBE |
Description
Lack of sensitive data encryption in CapillaryScope v2.5.0 of Capillary io, which stores both the proxy credentials and the JWT session token in plain text within different registry keys on the Windows operating system. Any authenticated local user with read access to the registry can extract these sensitive values.