go to Content

TWCERT/CC Taiwan Computer Emergency Response Team/Coordination Center



CHANGING Inc. NHIServiSignAdapter Windows Versions - Information Leakage -2

TVN ID TVN-202012005
CVE ID CVE-2020-25846
CVSS 7.5 (High)
Affected Products CHANGING Inc. NHIServiSignAdapter for Windows
Description The digest generation function of NHIServiSignAdapter has not been verified for source file path, which leads to the SMB request being redirected to a malicious host, resulting in the leakage of user's credential.
Solution Update to version
Credit Angelboy (DEVCORE https://devco.re)
Public Date 2020-12-31