Vulnerability Details CVE-2018-18656
The PureVPN client before 6.1.0 for Windows stores Login Credentials (username and password) in cleartext. The location of such files is %PROGRAMDATA%\purevpn\config\login.conf. Additionally, all local users can read this file.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 12.7%
CVSS Severity
CVSS v3 Score 7.8
CVSS v2 Score 2.1
References
Products affected by CVE-2018-18656
-
cpe:2.3:a:purevpn:purevpn:5.10.0
-
cpe:2.3:a:purevpn:purevpn:5.11.7
-
cpe:2.3:a:purevpn:purevpn:5.12.1
-
cpe:2.3:a:purevpn:purevpn:5.12.3
-
cpe:2.3:a:purevpn:purevpn:5.13.0
-
cpe:2.3:a:purevpn:purevpn:5.14.0
-
cpe:2.3:a:purevpn:purevpn:5.14.1
-
cpe:2.3:a:purevpn:purevpn:5.15.0
-
cpe:2.3:a:purevpn:purevpn:5.15.1
-
cpe:2.3:a:purevpn:purevpn:5.16.0
-
cpe:2.3:a:purevpn:purevpn:5.17.0
-
cpe:2.3:a:purevpn:purevpn:5.17.1.0
-
cpe:2.3:a:purevpn:purevpn:5.18.0
-
cpe:2.3:a:purevpn:purevpn:5.18.2
-
cpe:2.3:a:purevpn:purevpn:5.19.0
-
cpe:2.3:a:purevpn:purevpn:5.19.1
-
cpe:2.3:a:purevpn:purevpn:5.19.3
-
cpe:2.3:a:purevpn:purevpn:5.19.4
-
cpe:2.3:a:purevpn:purevpn:5.19.4.0
-
cpe:2.3:a:purevpn:purevpn:5.19.5
-
cpe:2.3:a:purevpn:purevpn:6.0.0
-
cpe:2.3:a:purevpn:purevpn:6.0.1
-
cpe:2.3:a:purevpn:purevpn:6.0.2
-
cpe:2.3:a:purevpn:purevpn:6.0.3