CVE-2024-45744

Published: Sep 27, 2024Modified: Oct 2, 2025

4.3

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Exploitability: 2.8 / Impact: 1.4

Source: NVD

Description

TopQuadrant TopBraid EDG stores external credentials insecurely. An authenticated attacker with file system access can read edg-setup.properites and obtain the secret to decrypt external passwords stored in edg-vault.properties. An authenticated attacker could gain file system access using a separate vulnerability such as CVE-2024-45745. At least version 7.1.3 is affected. Version 7.3 adds HashiCorp Vault integration that does not store external passwords locally. Version 8.3.0 warns when using plain text secrets.

Affected (1)

Products: Topquadrant: Topbraid Edg

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Topquadrant Topbraid Edg	Version 7.1.3

Related CWEs

Storing Passwords in a Recoverable Format

The storage of passwords in a recoverable format makes them subject to password reuse attacks by malicious users. In fact, it should be noted that recoverable encrypted passwords provide no significant benefit over plaintext passwords since they are subject not only to reuse by malicious attackers but also by malicious insiders. If a system administrator can recover a password directly, or use a brute force search on the available information, the administrator can use the password on other accounts.

Cleartext Storage of Sensitive Information

The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere.

Insufficiently Protected Credentials

The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.

References (5)

https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2024/va-24-254-02.json

Source: 9119a7d8-5eab-497f-8521-727c672e3725

Third Party Advisory

https://www.topquadrant.com/doc/latest/administrator_guide/edg_installation_and_authentication/hashicorp_integration.html

Source: 9119a7d8-5eab-497f-8521-727c672e3725

Technical Description

https://www.topquadrant.com/doc/latest/reference/PasswordManagementAdminPage.html

Source: 9119a7d8-5eab-497f-8521-727c672e3725

Technical Description

https://www.topquadrant.com/release-note/7-3/

Source: 9119a7d8-5eab-497f-8521-727c672e3725

Release Notes

https://www.topquadrant.com/wp-content/uploads/2025/02/changes-8.3.0.txt

Source: 9119a7d8-5eab-497f-8521-727c672e3725

Release Notes

Timeline

No history available yet.