Executive Summary

This vulnerability exists in the StrongDM Desktop Application before version 23.74.0 on Microsoft Windows. It involves the application storing sensitive authentication information, including a JSON Web Token and asymmetric key material, in cleartext within a per-user state file located at C:\Users\<username>\.sdm\state.kv.

The file is only protected by default user-level NTFS permissions, meaning that if an attacker gains local read access to the affected user's profile directory, they could potentially access this sensitive information.

Exploitation requires local access and additional conditions on the target host, so it is not remotely exploitable without prior access.

Useful 0 Not Useful 0

Impact Analysis

If exploited, this vulnerability could allow an attacker with local read access to the user's profile directory to obtain authentication tokens and key material stored in cleartext.

This could lead to unauthorized access to the StrongDM Desktop Application or related systems, potentially compromising user accounts or sensitive data.

However, exploitation requires local access and specific conditions, which limits the risk to scenarios where an attacker already has some level of access to the target machine.

Useful 0 Not Useful 0

Detection Guidance

This vulnerability involves the storage of authentication state, including a JSON Web Token and asymmetric key material, in cleartext in a per-user state file located at C:\Users\<username>\.sdm\state.kv on affected Windows systems.

Detection can be performed by checking for the presence of the file state.kv in the .sdm directory within user profiles and inspecting its contents for sensitive authentication data stored in cleartext.

• Use the command to locate the file for a specific user: dir C:\Users\<username>\.sdm\state.kv
• Use a command to display the contents of the file, for example: type C:\Users\<username>\.sdm\state.kv
• Check NTFS permissions on the file to confirm it is only protected by default user-level permissions: icacls C:\Users\<username>\.sdm\state.kv

Useful 0 Not Useful 0

Mitigation Strategies

Immediate mitigation steps include restricting local read access to the affected user's profile directory to prevent unauthorized access to the cleartext authentication state file.

Additionally, updating the StrongDM Desktop Application to version 23.74.0 or later (Desktop Client 53.77.0 or later) will address this vulnerability by changing how authentication state is stored.

Until an update is applied, ensure that only trusted users have access to the affected user profiles and consider monitoring access to the .sdm directory.

Useful 0 Not Useful 0

Compliance Impact

The vulnerability involves storing authentication state, including sensitive tokens and key material, in cleartext within a user-accessible file. This could potentially lead to unauthorized access to authentication credentials if an attacker gains local read access to the user's profile directory.

Such exposure of sensitive authentication data may impact compliance with standards and regulations like GDPR and HIPAA, which require protection of personal and sensitive information to prevent unauthorized access and data breaches.

However, the vulnerability requires local access and specific conditions for exploitation, which may limit the risk depending on the environment and existing security controls.

Useful 0 Not Useful 0