MILLENSYS Vision Tools Workspace Unauthenticated Configuration Disclosure Vulnerability

A vulnerability in MILLENSYS Vision Tools Workspace version 6.5.0.2585 has been identified, allowing unauthenticated access to a sensitive configuration endpoint. This endpoint, located at /MILLENSYS/settings, lacks proper access controls and exposes plaintext database credentials, file share paths, internal license server URLs, and software update parameters. An attacker could exploit this vulnerability to retrieve sensitive information, potentially leading to a full system compromise.

Impact

Exploitation of this vulnerability could result in unauthorized access to sensitive configuration data, including database credentials and internal system paths, which could be used for further attacks or to compromise the system entirely.

Reproduction

The vulnerability can be reproduced by sending a request to the /MILLENSYS/settings endpoint without authentication. This can be done using a web browser or a tool like curl. Once the settings endpoint is accessed, the exposed configuration data can be retrieved from the /MILLENSYS/edit/Settings.MillenSys endpoint, which also does not require authentication.

Remediation

It is recommended to remove public access to the vulnerable endpoints and implement server-side authentication. Sensitive values should be removed from client-side HTML and stored credentials should be encrypted.