CVE-2022-32279

CVE-2022-32389: Swift XMPP Client Desktop 4.0.2 has a Hard-coded Password affecting various sectors (Military, Finance and Government)

Description 

On June 1st, our Green Tick security team took snapshots of the registry before and after installation to see what changes the installation made, and discovered hard-coded credentials and exposed data (username, Windows password, certificates, etc.) in the Swift XMPP client.

Swift Desktop is a multi-platform XMPP client for instant messaging and multi-user chat. A free and open-source client (with support packages available from Isode), it contains a number of features that make it ideal for use in secure environments such as the Military, Finance, and Government. 

Evidence 

The Security Team of Green Tick Nepal Pvt. Ltd. published a Proof of Concept (POC) for Isode Ltd. (Swift). The vulnerability was found in the Swift XMPP client.

Locate 'Computer\HKEY_CURRENT_USER\Software\Swift\Swift' in Registry Editor.
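
The before-and-after registry comparison described above can be reproduced on text exports of the registry (for example, files produced with `reg export`). The following is an added example, not code from Green Tick or Isode; the value names and data in the sample snapshots are constructed placeholders, and the name patterns flagged for review are an assumption.

```python
import re

# One value line of a .reg export: "name"=data, or @=data for the default value.
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')
# Heuristic value-name patterns that deserve manual review (assumption; tune as needed).
SENSITIVE_RE = re.compile(r"pass|pwd|secret|token|cert|key|user|login", re.I)

# Constructed samples: value names and data are placeholders, not the real Swift values.
BEFORE = r'''Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\ExampleOther]
"theme"="dark"
'''
AFTER = r'''Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\ExampleOther]
"theme"="dark"

[HKEY_CURRENT_USER\Software\Swift\Swift]
"examplePassword"="constructed-placeholder"
"exampleCertificate"=hex:30,82,\
  01,0a
"windowGeometry"=dword:00000001
'''

def parse_reg(text):
    """Parse .reg export text into {(key_path, value_name): raw_data}."""
    values, key = {}, None
    # A trailing backslash continues hex data on the next line; join those lines.
    text = re.sub(r"\\\r?\n\s*", "", text)
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key and (m := VALUE_RE.match(line)):
            name = "(Default)" if m.group(1) == "@" else m.group(1)[1:-1]
            values[(key, name)] = m.group(2)
    return values

def diff_snapshots(before, after):
    """List values that were added or changed between two snapshots."""
    old, new = parse_reg(before), parse_reg(after)
    findings = []
    for (key, name), data in sorted(new.items()):
        if old.get((key, name)) != data:
            status = "changed" if (key, name) in old else "added"
            findings.append((status, key, name, bool(SENSITIVE_RE.search(name))))
    return findings

if __name__ == "__main__":
    for status, key, name, review in diff_snapshots(BEFORE, AFTER):
        print(f"{status:8} {key}\\{name}" + ("  <-- review" if review else ""))
```

`reg export` writes UTF-16 files, so read them with `encoding="utf-16"` before passing the text to `diff_snapshots`.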


References 

https://gtn.com.np/storage/2022/06/SWIFT-CVE-REQUEST.pdf 

https://nvd.nist.gov/vuln/detail/CVE-2022-32389

https://www.tenable.com/cve/CVE-2022-32389
