A critical security flaw has been discovered in Ivanti Workspace Control that could leave sensitive data exposed. The vulnerability stems from the use of hardcoded cryptographic keys within the software. This significant issue, identified by security researchers, allows potential attackers to exploit the static, unchanging keys.
The primary risk associated with this flaw is the potential decryption of sensitive information stored within the Ivanti database. Specifically, this vulnerability makes it possible for unauthorized individuals to decrypt SQL credentials. Access to these credentials could grant attackers unauthorized access to the backend database, potentially leading to data breaches, manipulation, or further system compromise.
This vulnerability affects specific versions of Ivanti Workspace Control. To mitigate this risk and protect their environments, organizations using the software are strongly urged to apply the security updates released by the vendor immediately. Patching is the most effective way to close this security gap and prevent exploitation by malicious actors seeking to leverage the hardcoded key issue to gain access to critical database credentials. Proactive application of these updates is essential for maintaining the security and integrity of systems managed by Ivanti Workspace Control.
Source: https://www.bleepingcomputer.com/news/security/ivanti-workspace-control-hardcoded-key-flaws-expose-sql-credentials/
