Newforma Info Exchange Insufficiently Protected Credentials Vulnerability
Vulnerability
A vulnerability exists in Newforma Info Exchange (NIX) versions through 2024.3, where credentials for configuring NPCS are stored in the Windows Registry under 'HKLM\Software\WOW6432Node\Newforma\<version>\Credentials'. While the credentials are encrypted, the encryption key is also stored in the same registry location, allowing authenticated users to access both the encrypted credentials and the key. If the credentials are for Active Directory, an attacker could potentially access additional systems and resources.
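To see whether ordinary authenticated users can read the key described above on a given host, the following added example (not Newforma's code and not part of the original advisory) lists broad "Allow" read entries in the ACL of each 'Credentials' subkey. The function name and the set of well-known SIDs treated as "broad" are assumptions of this example; it reads ACLs only and never opens the stored values.

```powershell
# Added example: audit read access to the NIX 'Credentials' registry key.
# Function name is hypothetical; only ACLs are read, never the stored values.
function Get-NixCredentialKeyExposure {
    param([string]$Root = 'HKLM:\Software\WOW6432Node\Newforma')

    # Well-known SIDs that cover ordinary authenticated users (assumed scope).
    $broadSids = @{
        'S-1-1-0'      = 'Everyone'
        'S-1-5-11'     = 'Authenticated Users'
        'S-1-5-32-545' = 'BUILTIN\Users'
        'S-1-5-4'      = 'INTERACTIVE'
    }

    # Rights that permit reading values: QueryValues (part of ReadKey and
    # FullControl), plus raw GENERIC_READ / GENERIC_ALL bits.
    $queryValues = [int][System.Security.AccessControl.RegistryRights]::QueryValues
    $readMask    = $queryValues -bor 0x80000000 -bor 0x10000000
    $inheritOnly = [System.Security.AccessControl.PropagationFlags]::InheritOnly

    if (-not (Test-Path -Path $Root)) { return }

    # The advisory's path has a <version> component, so walk every subkey.
    foreach ($versionKey in Get-ChildItem -Path $Root -ErrorAction SilentlyContinue) {
        $credPath = Join-Path -Path $versionKey.PSPath -ChildPath 'Credentials'
        if (-not (Test-Path -Path $credPath)) { continue }

        try   { $acl = Get-Acl -Path $credPath -ErrorAction Stop }
        catch { Write-Warning "Cannot read ACL on ${credPath}: $_"; continue }

        # Ask for SIDs directly so unresolvable account names cannot throw.
        $rules = $acl.GetAccessRules($true, $true,
                     [System.Security.Principal.SecurityIdentifier])
        foreach ($rule in $rules) {
            $sid = $rule.IdentityReference.Value
            if ($rule.AccessControlType -ne 'Allow')      { continue }
            if ($rule.PropagationFlags -band $inheritOnly) { continue } # not applied to this key
            if (([int]$rule.RegistryRights -band $readMask) -eq 0) { continue }
            if (-not $broadSids.ContainsKey($sid))         { continue }
            [pscustomobject]@{
                Key       = "$($versionKey.Name)\Credentials"
                Principal = $broadSids[$sid]
                Rights    = $rule.RegistryRights
                Inherited = $rule.IsInherited
            }
        }
    }
}

Get-NixCredentialKeyExposure | Format-Table -AutoSize
```

Any row in the output means a non-administrative principal can read both the encrypted credentials and the key stored beside them; "Deny" entries and group memberships are not evaluated by this check.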
Impact
This vulnerability allows unauthorized access to sensitive credentials, which could lead to further exploitation of systems and resources, especially if Active Directory credentials are involved.
