SoftPerfect Connection Quality Monitor Plaintext Credential Storage Vulnerability

A vulnerability exists in SoftPerfect Connection Quality Monitor version 1.1, where the application stores all user credentials in plaintext. These credentials are saved in a database file located at 'C:\ProgramData\SoftPerfect\Connection Quality Monitor\Connection Quality Monitor.DB', which is accessible to any user. This flaw compromises the application's security by exposing sensitive information.

Impact

The vulnerability allows for the unauthorized access of stored credentials, potentially leading to unauthorized actions or access within the application or related systems.

Reproduction

To reproduce this vulnerability, install SoftPerfect Connection Quality Monitor version 1.1 and configure the application with user credentials. Afterward, navigate to the file 'C:\ProgramData\SoftPerfect\Connection Quality Monitor\Connection Quality Monitor.DB' to find the credentials stored in plaintext.

Remediation

Credentials should be stored in an encrypted format that is not accessible to standard users.