EfficientLab WorkExaminer Professional Unencrypted Communication Vulnerability

A vulnerability exists in EfficientLab WorkExaminer Professional in all versions through 4.0.0.52001, allowing unencrypted data transmission between the monitoring client, console, and server. This flaw enables an attacker with network access to intercept and read sensitive information, such as screenshots and keystrokes, from monitored users. Additionally, the unencrypted FTP communication from clients to the server further exposes sensitive data. The vulnerability arises from a lack of encryption in data transmission, leaving critical information vulnerable to interception and modification by attackers on the network.

Impact

Exploitation of this vulnerability allows for interception and modification of unencrypted data transmitted between the WorkExaminer components. This includes sensitive information such as screenshots and keystrokes from monitored users, which can be accessed by an attacker with network access.

Reproduction

The vulnerability can be reproduced by installing WorkExaminer Professional version 4.0.0.52001 or earlier. Once the application is running, establish a network connection to the WorkExaminer FTP server on port 12304. The FTP communication is unencrypted, allowing interception of data logs transmitted from the monitoring clients to the server. Additionally, all traffic between the console client and the server on port 12306 is unencrypted, further exposing sensitive data such as keystrokes and screenshots from monitored users.