Easywork Enterprise Cleartext Memory Storage Vulnerability

Vulnerability

A vulnerability exists in Easywork Enterprise version 2.1.3.354, allowing for cleartext storage of sensitive information in memory. After a failed activation attempt, the application retains valid device-bound license keys in process memory. These keys can be extracted using a debugger or by analyzing a process or memory dump. Once obtained, the keys can be used to activate the software on the same machine without payment.

Impact

Exploitation of this vulnerability could lead to unauthorized software activation using extracted license keys.

Added: Oct 27, 2025, 4:18 PM

Updated: Oct 27, 2025, 8:31 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

4.6

remediation

0.0

relevance

0.9

threat

6.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

4.6

remediation

0.0

relevance

0.9

threat

6.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Easywork Enterprise Cleartext Memory Storage Vulnerability

Vulnerability

Impact

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating