{"id":8859,"date":"2025-07-24T07:33:40","date_gmt":"2025-07-24T07:33:40","guid":{"rendered":"http:\/\/localhost\/?p=8859"},"modified":"2025-07-24T07:33:40","modified_gmt":"2025-07-24T07:33:40","slug":"encryption-of-sensitive-data-in-capillaryscope-missing","status":"publish","type":"post","link":"https:\/\/zero.redgem.net\/?p=8859","title":{"rendered":"Encryption of sensitive data in CapillaryScope missing"},"content":{"rendered":"
\n

CVE Details<\/h2>\n
\n
\n

Basic Information<\/h3>\n\n\n\n\n\n
Title<\/th>\nEncryption of sensitive data in CapillaryScope missing<\/td>\n<\/tr>\n
Type<\/th>\ncve<\/td>\n<\/tr>\n
Published<\/th>\n2025-07-24T12:14:20.971Z<\/td>\n<\/tr>\n
Modified<\/th>\n2025-07-24T12:14:20.971Z<\/td>\n<\/tr>\n<\/table>\n<\/div>\n
\n

Product Information<\/h3>\n\n\n\n\n
Vendor<\/th>\nCapillary io<\/td>\n<\/tr>\n
Product<\/th>\nCapillaryScope<\/td>\n<\/tr>\n
Version<\/th>\n0<\/td>\n<\/tr>\n<\/table>\n<\/div>\n<\/div>\n
\n

CVSS Information<\/h3>\n\n\n\n
Base Score<\/th>\n6.9 (MEDIUM)<\/td>\n<\/tr>\n
Attack Vector<\/th>\nCVSS:4.0\/AV:L\/AC:L\/AT:N\/PR:L\/UI:N\/VC:H\/VI:L\/VA:N\/SC:N\/SI:N\/SA:N<\/td>\n<\/tr>\n<\/table>\n<\/div>\n
\n

AI Analysis<\/h3>\n\n\n\n\n\n\n
AI Description<\/th>\nCapillaryScope v2.5.0 lacks encryption for sensitive data, including proxy credentials and JWT tokens, stored in plain text in Windows registry. Any local user with read access can exploit this to extract sensitive information.<\/td>\n<\/tr>\n
AI Severity<\/th>\nMedium<\/td>\n<\/tr>\n
AI Vendor<\/th>\nCapillary io<\/td>\n<\/tr>\n
AI Product<\/th>\nCapillaryScope<\/td>\n<\/tr>\n
AI Version<\/th>\n2.5.0<\/td>\n<\/tr>\n<\/table>\n<\/div>\n
\n

Affected Products<\/h4>\n