CVEs-PoC/2018/CVE-2018-9842.md

CVE-2018-9842

Description

CyberArk Password Vault before 9.7 allows remote attackers to obtain sensitive information from process memory by replaying a logon message.

POC

Reference

• http://seclists.org/fulldisclosure/2018/Apr/19
• https://www.exploit-db.com/exploits/44428/
• https://www.exploit-db.com/exploits/44829/
• https://www.exploit-db.com/exploits/45926/
• https://www.redteam-pentesting.de/en/advisories/rt-sa-2017-015/-cyberark-password-vault-memory-disclosure

Github

• https://github.com/ARPSyndicate/cve-scores
• https://github.com/ARPSyndicate/cvemon