CVE-2024-24272
📋 TL;DR
A vulnerability in iTop DualSafe Password Manager & Digital Vault allows local attackers to access sensitive credentials stored in plaintext within log files. This affects users of vulnerable versions who have local access to the system where the software is installed, potentially exposing passwords and other confidential data without requiring the master secret.
💻 Affected Systems
- iTop DualSafe Password Manager & Digital Vault
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
Complete compromise of all stored credentials, leading to unauthorized access to accounts, services, and sensitive systems protected by the password manager.
Likely Case
Local users or malware with file system access can extract passwords from log files, potentially compromising individual accounts and services.
If Mitigated
With proper access controls and log file permissions, only authorized administrators could access the logs, limiting exposure.
🎯 Exploit Status
Exploitation requires local file system access to read log files. The vulnerability details and proof-of-concept are publicly documented.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 1.4.24
Vendor Advisory: https://research.hisolutions.com/2024/03/cve-2024-24272-dualsafe-password-manager-leaks-credentials/
Restart Required: Yes
Instructions:
1. Download version 1.4.24 or later from the official iTop website.
2. Back up your password database.
3. Install the update following the vendor's instructions.
4. Restart the application and verify that it works.
🔧 Temporary Workarounds
Restrict log file permissions
Linux: Set strict file permissions on the log files to prevent unauthorized local access.
chmod 600 /path/to/dualsafe/logs/*.log
chown root:root /path/to/dualsafe/logs/*.log
Disable debug logging
All platforms: Configure the application to disable debug or verbose logging that may contain credentials.
Edit the configuration file to set log_level = "ERROR" or a similarly minimal level.
🧯 If You Can't Patch
- Implement strict access controls on systems running vulnerable versions, limiting local user access.
- Regularly monitor and audit log files for unauthorized access attempts or credential exposure.
🔍 How to Verify
Check if Vulnerable:
Check the application version in Settings or the About dialog. If the version is below 1.4.24, the installation is vulnerable.
Check Version:
Check the application settings or run: dualsafe --version (if a CLI is available)
Verify Fix Applied:
After updating, verify that the version is 1.4.24 or higher and that the log files no longer contain plaintext credentials.
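The two verification steps above (compare the installed version against 1.4.24, then confirm the logs carry no plaintext credentials) as an added Python example. This is not code from the advisory or from the vendor: the credential-looking key names, the redaction rule and the sample log lines are constructed for the example, and DualSafe's real log format, log location and CLI are not confirmed by this page, so run it against the actual log files once you have located them.

```python
import re
import sys

# Release in which the issue is fixed, as stated on this page.
FIXED_VERSION = (1, 4, 24)


def parse_version(text: str) -> tuple:
    """Turn '1.4.23' into (1, 4, 23) so versions compare numerically.
    A short string such as '1.4' compares as older than '1.4.24'."""
    return tuple(int(part) for part in text.strip().split("."))


def is_vulnerable(version: str) -> bool:
    """True when the installed version is older than the fixed release."""
    return parse_version(version) < FIXED_VERSION


# Key names that should never appear with a literal value in a log line.
# This is an assumption about what a leak looks like, not the product's
# actual log format; extend it after inspecting a real log.
CREDENTIAL_RE = re.compile(
    r"\b(password|passwd|pwd|secret|token|api_?key)\b\s*[:=]\s*['\"]?([^\s'\"]+)",
    re.IGNORECASE,
)


def redact(value: str) -> str:
    """Keep the first two characters so a finding can be matched to a vault
    entry without copying the secret itself into the report."""
    if len(value) <= 2:
        return "***"
    return value[:2] + "*" * (len(value) - 2)


def find_credential_leaks(lines):
    """Return (line_number, field_name, redacted_value) for every log line
    that carries a credential-like key followed by a literal value."""
    findings = []
    for number, line in enumerate(lines, start=1):
        match = CREDENTIAL_RE.search(line)
        if match:
            findings.append((number, match.group(1).lower(), redact(match.group(2))))
    return findings


def scan_log_file(path: str):
    """Scan one log file on disk; read errors are left to the caller."""
    with open(path, encoding="utf-8", errors="replace") as fh:
        return find_credential_leaks(fh)


# Constructed sample log text; the line layout is invented for this example.
SAMPLE_LOG = """\
2024-03-01 10:00:01 INFO  vault opened
2024-03-01 10:00:05 DEBUG saving entry site=example.test user=alice password=Hunter2!
2024-03-01 10:00:07 DEBUG sync ok
2024-03-01 10:01:00 DEBUG api call token="abc123def"
"""

if __name__ == "__main__":
    # usage: python check_dualsafe.py <installed-version> [logfile ...]
    version = sys.argv[1] if len(sys.argv) > 1 else "1.4.23"
    state = "VULNERABLE" if is_vulnerable(version) else "fixed"
    print(f"version {version}: {state}")
    if len(sys.argv) > 2:
        for path in sys.argv[2:]:
            for number, field, redacted in scan_log_file(path):
                print(f"{path}:{number}: {field}={redacted}")
    else:
        for number, field, redacted in find_credential_leaks(SAMPLE_LOG.splitlines()):
            print(f"sample:{number}: {field}={redacted}")
```

The scanner reports where a credential sits and which field leaked it, but never prints the value itself, so the report can be shared with the people who must rotate the affected credentials without becoming a second copy of the leak.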
📡 Detection & Monitoring
Log Indicators:
- Unauthorized access attempts to log files
- Log entries containing plaintext passwords or credentials
Network Indicators:
- None - this is a local file system vulnerability
SIEM Query:
EventID=4663 AND ObjectName LIKE "%dualsafe%logs%" AND AccessMask=0x1
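The SIEM query above, implemented as an added Python example over a constructed set of exported Windows Security 4663 records. This is not code from the page or from any vendor tooling. It generalizes the query slightly: instead of requiring AccessMask to equal 0x1 it tests for the ReadData bit, so a read combined with other rights (a larger mask) is flagged too. The SQL LIKE pattern is translated case-insensitively, which is an assumption about the SIEM's collation, and the file paths, user names and process names in the sample are invented.

```python
import re

# FILE_READ_DATA bit of the AccessMask reported in event 4663.
READ_DATA = 0x1


def sql_like_to_regex(pattern: str) -> "re.Pattern":
    """Translate a SQL LIKE pattern ('%' = any run, '_' = one character) into
    an anchored regex. Case-insensitive matching is assumed here."""
    parts = []
    for ch in pattern:
        if ch == "%":
            parts.append(".*")
        elif ch == "_":
            parts.append(".")
        else:
            parts.append(re.escape(ch))
    return re.compile("^" + "".join(parts) + "$", re.IGNORECASE | re.DOTALL)


def parse_access_mask(mask) -> int:
    """Accept the mask as an int, a hex string ('0x1') or a decimal string,
    which covers the common export formats."""
    if isinstance(mask, int):
        return mask
    text = str(mask).strip().lower()
    return int(text, 16) if text.startswith("0x") else int(text)


def find_log_reads(events, object_pattern="%dualsafe%logs%", required_bits=READ_DATA):
    """Return the 4663 events in which a DualSafe log file was opened with
    at least the given access bits set."""
    name_re = sql_like_to_regex(object_pattern)
    hits = []
    for ev in events:
        if ev.get("EventID") != 4663:
            continue
        if not name_re.match(str(ev.get("ObjectName", ""))):
            continue
        mask = parse_access_mask(ev.get("AccessMask", 0))
        if (mask & required_bits) != required_bits:
            continue
        hits.append(ev)
    return hits


def summarize(hits):
    """Compact (user, process, path) rows for an analyst's review."""
    return [(h.get("SubjectUserName"), h.get("ProcessName"), h.get("ObjectName")) for h in hits]


# Constructed sample of exported 4663 records; every path, user and process
# name below is invented for this example.
SAMPLE_EVENTS = [
    {"EventID": 4663, "SubjectUserName": "alice",
     "ObjectName": r"C:\Program Files\DualSafe\logs\app.log",
     "AccessMask": "0x1", "ProcessName": r"C:\Windows\System32\notepad.exe"},
    {"EventID": 4663, "SubjectUserName": "SYSTEM",
     "ObjectName": r"C:\Program Files\DualSafe\logs\app.log",
     "AccessMask": "0x2", "ProcessName": r"C:\Program Files\DualSafe\app.exe"},  # write, not read
    {"EventID": 4663, "SubjectUserName": "bob",
     "ObjectName": r"C:\Users\bob\Documents\notes.txt",
     "AccessMask": "0x1", "ProcessName": r"C:\Windows\System32\notepad.exe"},  # unrelated file
    {"EventID": 4656, "SubjectUserName": "carol",
     "ObjectName": r"C:\Program Files\DualSafe\logs\app.log",
     "AccessMask": "0x1", "ProcessName": r"C:\Windows\System32\cmd.exe"},  # handle request, not access
    {"EventID": 4663, "SubjectUserName": "carol",
     "ObjectName": r"C:\Program Files\DualSafe\logs\debug.log",
     "AccessMask": "0x20089", "ProcessName": r"C:\Windows\System32\cmd.exe"},  # read within a larger mask
]

if __name__ == "__main__":
    for user, process, path in summarize(find_log_reads(SAMPLE_EVENTS)):
        print(f"{user} read {path} via {process}")
```

Event 4663 is only written when object-access auditing is enabled in the audit policy and the log directory carries a SACL that audits read access, so the query returns nothing on a host where neither has been configured; confirm both before relying on this indicator, and expect the application's own process to appear in the results unless you filter it out.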