Executive Summary

This vulnerability in Wazuh versions from 4.3.0 to before 4.13.0 is due to a missing Access Control List (ACL) on the file "C:\Program Files (x86)\ossec-agent\authd.pass". Because of this, the password stored in this file is exposed to all "Authenticated Users" on the local machine, potentially allowing unauthorized access. The issue was fixed in version 4.13.0.

Useful 0 Not Useful 0

Impact Analysis

The vulnerability can lead to unauthorized local users gaining access to the password stored in the authd.pass file, which may allow them to escalate privileges or compromise the security of the Wazuh agent on the machine. This could undermine the threat prevention, detection, and response capabilities of the platform.

Useful 0 Not Useful 0

Mitigation Strategies

Upgrade Wazuh to version 4.13.0 or later, where the missing ACL issue on "C:\Program Files (x86)\ossec-agent\authd.pass" has been patched to prevent unauthorized access to the password file.

Useful 0 Not Useful 0