Can you explain this vulnerability to me?

Aquarius Desktop 3.0.069 for macOS stores user authentication credentials in a local settings file using a weak obfuscation method. The password is encrypted with a predictable byte-substitution that can be easily reversed, allowing anyone who can read the file to recover the plaintext password immediately.

Useful 0 Not Useful 0

How can this vulnerability impact me? :

An attacker who can access the settings file can fully compromise the victim's Aquarius account by importing the stolen configuration or logging in through the vendor website. This leads to complete account takeover, unauthorized access to cloud-synchronized data, and the ability to perform actions authenticated as the user.

Useful 0 Not Useful 0

How can this vulnerability be detected on my network or system? Can you suggest some commands?

You can detect this vulnerability by checking for the presence of the file '~/Library/Application Support/Aquarius/aquarius.settings' on macOS systems. Since the password is stored in this file using a weak obfuscation scheme, inspecting the contents of this file can reveal if sensitive credentials are exposed. A command to check for the file and view its contents is: 'cat ~/Library/Application\ Support/Aquarius/aquarius.settings'.

Useful 0 Not Useful 0

What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation steps include restricting access permissions to the '~/Library/Application Support/Aquarius/aquarius.settings' file to prevent unauthorized reading, such as using 'chmod 600' on the file. Additionally, avoid storing sensitive credentials in this file or use alternative secure storage methods. If possible, change your Aquarius account password and monitor for unauthorized access. Contact the vendor for updates or patches addressing this issue.

Useful 0 Not Useful 0