Ivanti Workspace Control Hardcoded Key Vulnerability Allowing Decryption of Environment Passwords

Vulnerability

A vulnerability exists in Ivanti Workspace Control versions prior to 10.19.10.0, where a hardcoded key allows local authenticated attackers to decrypt stored environment passwords. An attacker who decrypts these passwords could gain unauthorized access to sensitive information.

Impact

Exploitation of this vulnerability could result in the unauthorized decryption of environment passwords, potentially leading to credential compromise.

Remediation

Users can upgrade to Ivanti Workspace Control 2025.2 (10.19.x.x), which addresses these security issues. Instructions for migrating to the new IWC architecture are available in the Ivanti Workspace Control 2025.2 Migration Guide. Before installing the agent, relay-server, or Console component, trust the TLS certificate used by the ShieldAPI by importing it into the Trusted Root Certification Authorities store for the Local Machine.
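
The certificate import step above, as an added example (not from Ivanti's documentation or the Migration Guide): it checks the exported certificate against a thumbprint obtained separately from the server administrator before adding it to the Local Machine root store. The file path and the expected thumbprint are placeholders to replace with your own values.

```powershell
#Requires -RunAsAdministrator
# Added example. $CertPath and $ExpectedThumbprint are placeholders, not values
# from the advisory; obtain the thumbprint from whoever issued the certificate.
param(
    [string]$CertPath = 'C:\Temp\shieldapi.cer',
    [string]$ExpectedThumbprint = '<THUMBPRINT-FROM-SERVER-ADMIN>'
)

# Load the exported certificate file without installing it.
$cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($CertPath)

# Normalise the expected value (certificate dialogs often show spaces or colons).
$expected = ($ExpectedThumbprint -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()

# A root-store entry is trusted for every TLS connection on this machine,
# so refuse anything that is not exactly the certificate we were told to expect.
if ($cert.Thumbprint -ne $expected) {
    throw "Thumbprint mismatch: file has $($cert.Thumbprint); refusing to trust it."
}

# Reject certificates that are not yet valid or already expired.
$now = Get-Date
if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
    throw "Certificate is outside its validity period ($($cert.NotBefore) to $($cert.NotAfter))."
}

# Import only if it is not already present in the Local Machine root store.
$store = 'Cert:\LocalMachine\Root'
if (Get-ChildItem -Path $store | Where-Object Thumbprint -eq $cert.Thumbprint) {
    Write-Output "Already trusted: $($cert.Subject)"
} else {
    Import-Certificate -FilePath $CertPath -CertStoreLocation $store | Out-Null
    Write-Output "Imported $($cert.Subject) [$($cert.Thumbprint)] into $store"
}
```

Run it from an elevated PowerShell session on each machine before installing the component; with the placeholder thumbprint left in place it stops without changing the store.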

Added: Jun 10, 2025, 4:51 PM
Updated: Jun 10, 2025, 4:51 PM

Vulnerability Rating

Custom Algorithm

spread: 5.7
impact: 2.5
exploitability: 3.5
remediation: 7.7
relevance: 0.2
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.